Editorial

Phil Anderson

Well gang, it's been fun, but I'm sorry to tell you that
I'm stepping down as editor of AUUGN. It's been a
bit of a roller coaster ride since the beginning of the
year, and a number of personal and professional
project opportunities have arisen that leave me with
a lot less time to give to the newsletter. I'd hoped to
see it through to the end of the year, but it ain't to be.

The experience of assembling AUUGN continually
reminds me of my brief stint on the old Monash Uni.
Astronautical Society's newsletter, CAPCOM. That
was back in '79, and the whole thing was assembled
with volunteer labour, using typewriters, layout
boards, and all the other trappings of the
pre-desktop publishing era. It drove us nuts sometimes,
but it was a lot of fun too. There was always the
bittersweet sense of achievement on seeing the
finished product; bittersweet because no matter how
careful you'd been, there'd always be some glitch
that'd sneak through, and it'd be the first thing
you'd see on opening the issue! Seventeen years
later, it's a very different game on the surface, but the
feelings are the same, and those dang bugs have
kept pace with technology all along the way.

Putting together any publication, especially one
driven by volunteer labour, draws on the
enthusiasm and goodwill of all sorts of people. They
commit the time they can (sometimes more than
they can) and so often it's only that dedicated core
that keeps the publication from an untimely end.
AUUGN is no exception; you keep seeing the same
names popping up in the contents page issue after
issue, because they believe in the value of the
journal, and are willing to make that extra effort to
follow through. I thank them all most sincerely for
their work—as should you—and hope that many
more of you join their ranks in the issues to come.

One such new chum is Gunther Feuereisen, from the
University of NSW. He's valiantly offered to step
into Janet's shoes for the nonce, to bring you more
UNIX Tricks and Traps. So sharpen those points on
your heads, give the ol' propeller a spin, and send
him your wizardly UNIX tweaks! His first offering
can be found in this issue.

So farewell! Support your society! Keep the UNIX
flame alight! Remember who your superuser is, and
don't forget your password! ♦


President's report

Michael Paddon

In the physics of the open systems universe, the C 
programming language has served as a fundamental 
force ever since that continuum's equivalent of the 
big bang. Just like our own universe, it is hard to 
pinpoint the exact birth moment of "open systems",
however it is common practice to date the epoch 
from the creation of UNIX (circa 1969-1970). 

This is a little inaccurate to say the least, given that 
UNIX was written in assembler (and hence not 
particularly portable) and that it sported a very 
limited functionality. It was, however, a timesharing 
system from the first, which compares quite 
amusingly against the recent history of mainstream 
PC operating systems. 

In fact it wasn't until First Edition (1971) that UNIX 
was written in a portable, albeit limited, systems 
language called "B". By Fourth Edition (1973), UNIX
was written in C, and it was beginning to exhibit the 
portability that we consider its natural domain. Fifth 
Edition (1974) was made freely available to 
educational institutions and the era of open systems 
had clearly begun. Here ends the history lesson! 

The point of all this was not to bore you to death 
with a dry history, but rather to illustrate that this 
thing we call "openness" (is that a real word?) is tied
far more closely to the C language than it is to any 
operating system. This was true at the genesis, and 
remains true today with standards such as POSIX 
loosening our shackles to any one operating system. 

Even within the UNIX world there is wild variation, 
yet this diversity does not inhibit the porting of code 
that was written to be portable. 

This extends to the non-UNIX system as well, 
assuming that the vendor approaches portability 
with an honest effort, and not just a "tick the box" 
mentality. Regular readers of AUUGN will recall last 
year's fuss over the Windows/NT POSIX subsystem 
as a case in point. 

Which brings us full circle to my original metaphor. 
The C programming language is the gravity of the 
open systems universe, a constant force that binds 
all things open together. Just about every important 
piece of open software is written in C, or a derivative 
(like C++), or in a language whose 
compiler/interpreter is written in C. 

Not bad for a flawed language. Remember what a 
truly dangerous tool C was before ANSI got to it? 
Even today, there are still warts left over from when 
it used to be a high level assembler, as well as more
fundamental problems: for example consider issues 
as diverse as scoping, exception mechanisms and 
multilingual support. 

Even when compared with its contemporaries, Algol 
and Pascal, C looks somewhat anaemic. But the 
strength of C does not lie in theory, it lies in 
practicality. 

What you can effectively achieve with a language is 
far more important than any other measure. Make 
note of this fact, for we will return to it. 

Today there is a new game in town: Java. Cutting 
through all the marketing hype and propaganda 
(both positive and negative), Java is a relatively 
simple new object oriented programming language 
that assists in the construction of network 
downloadable applications. 

That's just about all there is to it, despite all those 
millions of words written about it by people who 
think that the Internet was invented in 1992, that 
HTML is a programming language, and that the 
phrase "paradigm shift" is a cool and edgy thing to
say. 

Let's explode a few myths and make a few 
observations. 

There is nothing special about Java as a language. 
Sure, it does garbage collection, it's got references 
instead of pointers and it has a security model 
enforced by its virtual machine. None of these are 
ground breaking (though some of the security stuff 
is pretty interesting). 

Similarly, C is not special as a language. If Dennis 
Ritchie had decided that an extended Algol was a 
great systems language we'd all be compiling with a 
GNU Algol compiler today (gal?). 

Java, like C, is highly versatile and portable. In fact 
Java probably has an edge here, given the virtual 
machine technology it is layered over. Java also has 
a highly functional and stable set of libraries, which 
allows it to be an immediately useful tool for 
building applications and interfaces without every 
programmer needing to reinvent the wheel. 

There's nothing special about Java's libraries, 
though, and countless examples of similar bodies of 
software are available for just about every modern
language. 

Java does create the opportunity for a completely 
novel class of application: the ubiquitous, 
downloadable applet. This is more of a function of 
the virtual machine however, and many other high 
level languages could be targeted at the same 
execution environment. 


We could have been really unlucky and have had 
Gosling decide that Lisp was a spiffy high level 
language to base an applet language on. Hardly 
bears thinking about, does it? 

Where does this leave us? Java is obviously a good, 
but far from perfect, language that is Internet 
portable and allows us to construct new kinds of 
programmes. Not unlike C, Java is a pragmatic 
technology, in the right place at the right time. 

As we have already seen, it is languages that drive a 
new technology, and it is likely that Java (or 
something like it) will be the powerhouse of the next 
wave of open systems; one based on downloadable 
applets and distributed computing services. Java 
may yet falter as the vehicle of this change, but it is 
clearly the prime contender. Somehow, Sun have 
convinced just about everyone to run the Java virtual 
machine, which just goes to show the benefit of 
being first in a marketplace. 

In any case, I am dead sure that it is a language,
and not a browser or a web server or an operating 
system or even a database that will be the keystone 
of future global computing. I'm backing Java. What 
do you think? 

Which brings me to a shameless plug. As you are all 
aware by this stage, AUUG is presenting a 
roadshow, from June 21 through July, entitled "Java
in a Demitasse". David Flanagan, author of "Java in a
Nutshell" (which I highly recommend) is giving a
one day tutorial to five different chapters over this 
period. 

This roadshow model is something we've tried 
before on an ad hoc basis, but we are now getting 
organised to run two a year on a regular schedule. 
We did consider three, however the logistics are 
challenging and we feel that fewer high quality 
events are preferable. 

One of the most difficult things in organising a 
roadshow is that it is patently impossible to get a 
presenter around to all of the chapters on the 
continent in 10 to 14 days (at least if we want them 
alive at the end of the tour). This always leads to a 
lot of heartache where we must construct a schedule 
that excludes a chapter or two. 

We are currently working on the principle that, first 
and foremost, every chapter must get one roadshow 
a year. We also attempt to accommodate the wishes 
of the presenter in terms of itinerary (they almost 
always start or end near the Great Barrier Reef for 
some reason). 

In any case, if the Java tutorial doesn't come to you, 
rest assured that the next one will (we are planning 
for November). If you think these roadshows are a 
good idea, please support us and attend. In the final
analysis it is your interest that makes these events a 
success. 

All this is a natural extension of the AUUG chapter 
programme and signals an accelerated change of 
focus from one large centralised event per year to an 
ongoing fixture of local happenings. 

The winter conference will certainly continue to be a
world class conference, however your committee
feels that you shouldn't have to visit Sydney or
Melbourne once a year to benefit from your
membership.

We also feel that the conference format is self- 
limiting in terms of the scope of material that can be 
presented. 

As always, AUUG is in a state of continual change. 
Your comments and ideas are always welcome, so 
please don't hesitate to drop me a line. ♦ 

Wither Go HPC?

Frank Crawford <frank@ansto.gov.au> 

Australia keeps making claims to being a country 
that rapidly adopts new technology, wants to be 
innovative, and at the forefront of developments. 
However, in truth, while at an individual level this 
may be true, at a corporate level, this is far from the 
truth. 

Possibly one reason for this is that Australians are
notoriously lazy, and will take advantage of 
anything to make their lives easier, but within 
business, they subscribe to the philosophy that it is 
better if it is done overseas. 

Nowhere is this more obvious than in the area of 
High Performance Computing, more commonly
known as Supercomputing. Most people have heard
of Cray Research and Cray supercomputers, many 
have even heard of Silicon Graphics and their 
graphics performance. 

But the use of such systems within Australia is very
different to that found overseas. For example, the US 
government set up a number of supercomputer 
centres, with the aim of fostering collaboration 
between industry and science. This proved to be a 
huge success, and they have now moved on to the 
next stage, where they are no longer funding these 
centres for such collaboration, but are expecting 
them to be self funding. 

Aside from this, US companies themselves have
picked up on the benefits of HPC, sometimes
initiated by such collaborations, sometimes just from
the obvious economic advantages to competitors.

You will find HPC systems in many industries, 
ranging from aircraft design, to economic 
forecasting, drug design to weather forecasting. In 
fact any industry where mathematical and computer 
models can be constructed and manipulated. 

This trend is not just confined to the USA; Japan is
probably one of the largest users of supercomputing 
within the world, and new industrial giants, such as 
Korea, also have made extensive use of HPC. 

Europe, as well, has a large number of HPC
facilities, although the largest of these are related to 
either government or academic environments. 

When you look at the situation in Australia, it is 
difficult to believe that any of the people in power, 
be it government or business, are aware of these 
events. Within Australia, there have been a number 
of attempts to set up HPC centres, almost always to
no avail. 


One of the problems with the setup of these centres, 
is that they are expected to be money making 
propositions almost from the start, and yet they have 
been constrained by tight budgets, and lack of funds 
to meet client needs. 

In almost all cases the initial cost of the hardware 
has dominated thinking and yet, without software, 
such a system may as well be a pile of junk. 
Unfortunately, the cost of software for such systems 
is high, and the variety needed is relatively large. 
Without such a range it is very difficult to 
demonstrate to unsure businessmen how they can 
make best use of the facilities. 

So what use can Australian business make of HPC 
facilities? Firstly, these systems are not designed to 
replace what is currently calculated on the Pentiums 
that now seem to be the main work-horse of 
industry. Rather they allow a whole new dimension 
of calculation to be undertaken, either literally, for 
example by calculating in three dimensions rather 
than two dimensions, or in much more detail. 

The other side of HPC is the issue of visualisation. 

As the calculations become more extensive, the 
volume of results becomes too large for simple
examination, and it becomes essential to process the 
data in some fashion to make it more 
comprehensible. This can be as simple as plotting the 
data in a number of different fashions, to overlaying 
it on an understandable background, e.g. a map, to a 
fully computerised graphics display such as seen in 
computer animations. 

Like anywhere else in the computer industry, the 
use of such facilities takes considerable experience 
and knowledge, much of which is very specialised. 
These skills can only be learnt in a HPC facility, but 
the lack of these facilities means it is generally 
unlikely. 

This is one of the major problems with the current 
policy within Australia, and why some form of 
support is required in the early stages. Without such 
support, the basic skills are never developed, and 
the impression develops that we are not in the same 
league as elsewhere. 

Within Australia there are few real HPC centres, and 
one is at the Australian National University (ANU), 
within their Supercomputer Facility. This is not a 
teaching faculty, but rather a unit set up especially to
develop and utilise the benefits of supercomputers. 

It is primarily used by researchers, but it does 
develop skills in the use of HPC which can then be 
utilised elsewhere. 

Another facility is VisLab, located at Sydney
University, which is a centre established to make use
of many of the modern techniques and skills
necessary for visualisation, i.e., to handle the
volumes of data generated by modern systems.

These are not the only facilities within Australia, 
although they are probably the premier ones. They, 
together with the other smaller centres, are 
developing the skills necessary for HPC, but we still 
need to work on the transfer of these skills to use by 
businesses. This is an area that will take money, and 
a long term view, things not commonly seen either 
in Australian business or in the public sector 
funding. ♦ 


Presenting at AUUG96 Conference

Frank Crawford 

Anyone involved in AUUG, either as a member or 
just as an observer would be aware that the next 
winter conference will be held at the World 
Congress Centre in Melbourne, between 18th and 
20th September. Again, this year, the conference will 
be held in collaboration with Charles Sturt 
University. As usual this will be preceded by a 
number of tutorials, probably as during AUUG95 
covering two days, the 16th and 17th. 

However, while this event is the biggest open 
systems event in Australia, attended by well over 
500 people (over 800 at AUUG95!), it is a constant 
battle to obtain high quality papers and tutorials, 
despite work being carried out in this area. By now 
you should have seen the “Call for Papers” for 
AUUG96, outlining the relevant dates for 
submission of abstracts, final papers, etc. 

What I would like to do here is to encourage you to 
submit either a paper or a tutorial for this exciting 
event. While AUUG conferences traditionally have a 
theme that they work towards, the program 
committee is willing to consider proposals falling 
into the open systems area, networking or the 
Internet. 

In fact the conference has three different categories
of presentation: technical, management and
tutorials. The technical stream is designed to appeal
to those who want detailed knowledge of how
the technology works, be it a detailed presentation of
a new protocol, code or product. On the other hand,
the management stream is designed to give an
indication of how the technology can be used,
without going into too much detail about how it
works. Presentations within the two streams are
designed to fit into a 30 min. slot, allowing some
time for questions.

Finally, the tutorials, which in fact can be either 
technically or management oriented, are a much 
more in-depth presentation, running either a half or 
a full day, and giving those attending useful 
knowledge that they can use in their current field. 

While many people attend in order to obtain new 
information, knowledge is only valuable if it is 
shared. Without such sharing, it is impossible to 
verify that it is correct or even useful. By presenting 
either an outline or details of current projects or 
research interests it is possible to find others who are 
either working in the same field and can assist you, 
or who are interested in your results and willing to 
support you. 

So, if you have anything that you feel is valuable to 
the computing community within Australia, whether 
it is in a technical area or a management area, you 
should consider presenting at AUUG96. It will 
certainly be aired before one of the biggest and most 
diverse cross-section of local computer people and is 
very likely to attract interest. 

Rather than sitting back, you should submit an 
abstract to the program committee, outlining your
presentation and see if you can join those others who 
are trying to influence the direction of computing in 
Australia. ♦ 

Is a Standard UNIX a Good Idea?

Frank Crawford 

If you read any sales pitch by an NT salesman, you 
will always see a line about NT being standard 
across their entire hardware range "unlike the many 
variants of UNIX". While this makes good copy for 
advertising NT, is it really true, and is it really a 
good idea to have a single standard version? 

For a start, UNIX is far more standard than it 
appears from the advertising. For most of its life the 
system calls and standard libraries have been just 
that, standard. This is obvious from the volume of 
public domain software that has been ported across 
virtually all UNIX platforms. This has been written 
by the average programmer, who then found that it 
was simple to port it to some other system. 

For more official standards, X/Open has the 
Spec1170 standard which specifies 1170 APIs that
are required on UNIX systems to be certified. While 
the X/Open standard is more complicated than just 
a list of APIs, it does show the commonality across 
the range. 

As well as this, a number of Application Binary 
Interfaces (ABI) have been defined on many 
hardware platforms, allowing shrink-wrapped 
software across different UNIX versions, including 
Intel x86 and Motorola 68000 CPUs. 

However, even more importantly, a single standard 
is not what is required. Architectural differences, 
marketing differences or even technological changes 
mean that there needs to be freedom for 
improvements, driven by user needs. For example, 
do you require the same batch facilities on a PC 
print server running Linux as is needed on a Cray 
supercomputer? The fact that different vendors add 
extensions to the UNIX standard allows them to 
both adapt to their requirements or try new features 
to gain market share. 

This also brings in the issue raised by many software
vendors that "there are too many versions to port 
to". However, the major difficulty in porting is 
related to the use of these extensions, for higher 
performance. If there were no use of the extensions, 
then a simple recompilation would be all that was 
required. 

On the other hand, the inclusion of new features is 
always a possibility, for example, who could 
disagree with the inclusion of TCP/IP in the original 
versions of BSD UNIX? Today these facilities are in 
every version of UNIX, and even a standard for
Windows PCs (WinSock). This process is continuing
with new standards being defined for 
multiprocessor support, distributed computing and 
other advances that are only theory at present. 

Differences in UNIX are not only caused by 
additional features in the versions of UNIX, but also 
simply the long life of UNIX. Just because a vendor 
upgrades to the current standard, doesn't mean that 
all customers will instantly, or even eventually, 
upgrade to that version. 

The number of UNIX vendors itself causes some 
variation in the versions of UNIX, as some will be 
more proactive in fixing problems. For example, 
when you look at recent security problems, some 
vendors will have patches out within days to correct 
them. This in itself is a sales point, as for some 
applications the speed of fixing problems may be an 
issue, for others it may not be as critical. 

Having a single version of UNIX, would mean that 
any changes would have to be coordinated through a
single bureaucracy, with delays both in reporting, 
correction and then distribution. As well, it is 
obvious that the total number of people employed to 
review and correct problems with UNIX today, is far 
more than if the work was only done by a single 
group. 

As a final point, the claim that there is a single 
version of NT is itself a fallacy. For a start, there 
have been a small number of different versions of 
NT released, with more in the future. As well, at the 
lower levels, there are significant differences, many 
hidden but still there. For example, it has been 
reported that the hardware abstraction layer for 
Compaq systems is sufficiently different that you 
cannot use the version distributed with the standard 
NT distribution. 

Even more importantly, if the performance features 
of the hardware are not being appropriately used, be 
it an Intel Pentium or a Digital Alpha, then the 
customer is being disadvantaged, as they are 
expected to over configure the system for the 
software vendors' benefits. 

In conclusion, while UNIX may have a number of 
varieties, the differences are minor compared to the 
similarities. These differences go to make
UNIX stronger in the long run, allowing rapid adaptation
to changes, fast correction of problems and optimum
utilisation of the hardware. The cost for this is some
extra work by software vendors, however, this is 
only required if they want to take advantage of the 
extensions, rather than staying with the defined 
standards. ♦ 

Comments on the Future of the Internet

Frank Crawford 

For some time AUUG has been seen as one of the 
major technical organisations involved in the 
Internet in Australia, and so at the recent AUUG 
NSW Summer Conference we took the opportunity 
to hold a discussion on what those actively involved 
in the industry thought the future would be. 

Those present included technical staff from Internet 
Service Providers (ISPs), TCP/IP system developers 
and researchers, net users from within Sydney and 
elsewhere within NSW and novices looking at 
joining the net. 

The first issue covered was that of bandwidth, both 
within Australia and overseas. With the change of 
the responsibility within Australia from the AVCC 
through AARNet to Telstra through TIS and the 
rapid increase in bandwidth, it was an obvious 
issue. In general the audience agreed that this change
was inevitable, and in general seemed to be 
working. There were a few concerns with both 
unmet performance targets and the fear that Telstra 
would try and be both a bandwidth provider and a 
service provider. 

There was a belief that some areas of network 
engineering needed to be looked at, such as having 
two separate links to the US (which are now being
merged into a single link by TIS). One major concern
here was that when TIS took over the AARNet there 
were promises that archive and other proxy servers 
would be introduced, but this had not eventuated. 
There was some uncertainty whether these servers 
would be better located within each regional 
network organisation (e.g., Sydney, Canberra, etc.) 
or as a single much larger national server. 

Discussion then continued on the changes occurring 
within ISPs, who have been springing up in all sorts 
of areas. One statement that was made was that ISPs 
today were the business equivalent of video shops in 
the 1980s. There will be lots of shuffling, merging 
and failures over time. 

The ISPs that will survive will be those that provide 
service and assistance to their customers. The type of 
service will vary from ISP to ISP, for example some 
of the larger ones are aimed at corporate customers, 
while others may be aimed at special market niches. 
Such niches may be a particular occupation (e.g., 
Jewelers with the Australian Jewelry Network), 
ethnic groups or locality. 


A discussion of ISPs outside Sydney indicated that 
they do seem to be appearing, although, generally 
there is only one for a particular area. For those 
considering starting up as an ISP, an important 
comment by those ISPs present was that there is no 
profit in simply being an ISP. The best setup was to
establish it as a means of covering the costs of
your own network connection. Any profit is only 
made from add on or other services, such as 
training, software development or other services not 
directly related to the business of being an ISP. 

A mention was made of the cost of network 
connections, and while they have gone down, no one 
felt that it was cheap, and in fact some services, such 
as MSN were thought to be very expensive. 

On the actual usage front, the major reason for 
joining the net has changed from simply getting
e-mail, to wanting to establish a presence on the
"Web", and thus from primarily technical users to 
commercial users. Everyone today "needs" to set up 
a home page, display their product, put images for 
customers, and generally set up a virtual 
marketplace. The issue of payment within these 
virtual shops is an unsatisfied issue, but that is 
coming rapidly. While most long-term users of the 
net weren't thrilled by this development, they did 
accept that it was the way of the future. 

Security was a concern, although it wasn't considered
a major problem for the small user. In fact when the 
question came up of whether people would be 
willing to send their credit card details by e-mail, 
most agreed that while this wasn't safe, it was far 
safer than using a credit card in some less reputable 
shops or restaurants. 

On the issue of the future, no one was really willing 
to look more than a year ahead, and that was only a 
continuation of today's activities. There is the belief
that major changes will occur, but the direction is 
not easy to predict. The major growth in the near 
future is certainly seen to be the World Wide Web 
and related activities. 

On the final question of basic changes to the 
infrastructure of the network, with the introduction 
of IPv6, no one was particularly concerned with this. 
This was believed to be even less of a problem as 
IPv6 includes compatibility with the current 
generation of networks. 

So in all the session was valuable to those present, as 
it gave them both a chance to air their views, and 
also to ask questions that may have been worrying 
them. All participants were sure that the Internet in 
Australia was here to stay, and in fact, will grow to 
become an essential service, but what it will look like 
then is hard to identify. ♦ 

Can existing security solutions scale cost effectively?

Marcus J. Ranum 

Lots and lots of people are trying to figure out how 
to make money over the Internet. The problem is 
that all the currently thought-of ways to make 
money involve large volumes of transactions. 

Large volumes of transactions are a nasty problem 
because they have to be FAST and CHEAP and if 
they involve security then you are up against the 
universal law: 

"Cheap, Fast, Good—pick any two" 

It's simply not going to work if every E-cash 
transaction costs $.001 for processing, but the 
processing bureau needs a warehouse full of CRAYs. 

We security experts have our work cut out for us!!
All the commercial firms that are eyeing the 'net as
their future playground have to find a model
that is profitable, and if it's security significant that
means that we security experts need security that
violates the universal law and is simultaneously
cheap, fast, and good. I don't have the reference but
one analyst group (Yankee, I think it was) has even 
published conclusions that indicate that nobody 
actually cares a fig for security for Internet 
transactions; they only care because the New York 
Times said it was a problem. The interesting 
conclusion Yankee made was something to the effect 
that if all the Internet's security problems were fixed 
tomorrow, it would not be noticeably better as an 
environment for doing the kind of commerce that is 
currently being done. 

What I wonder, though, is if anyone *KNOWS* what
is currently being done! In my wanderings this last 
year, I have seen things being sent across the 'net, 
with no security, that absolutely terrify me. Patient 
medical records, military logistics(!), bank
transactions, stock trades - all manner of 
completely, mind-bogglingly scary stuff. But it's OK 
because it hasn't made the New York Times. Yet. 

Perhaps the security model of the future is the 
"school of fish" technology. Assume that if all the 
fish "just do it" a few will get snapped up and eaten 
but the vast majority will continue to cheerfully 
swim and spawn and be happy. Come to think of it, 
that's the "security model" for credit cards. I'm 
getting cynical in my old age, aren't I? 


Marcus Ranum is the Chief Scientist for V-ONE
Corporation, and a well respected figure in the
Security community. This article was based on an
idea Marcus originally posted to the Firewalls
mailing list. ♦


How Long Does Security Last

Frank Crawford 

So your site is now secure. You've spent lots of time 
and/or money on putting in the latest in security 
software, firewalls, auditing and related systems, 
and now you can sit back and let your staff get on 
with their "normal" functions knowing that they will 
be safe from external attack. 

Unfortunately, you are wrong, and if you do sit 
back, you are likely to find your site easily 
penetrated in a year or so. Securing a computer site 
is more like securing your car from theft than 
securing your house, because of the rapidly changing 
environment. The design of houses has not changed 
in centuries, and while some of the materials used 
may have changed, this change is measured in 
decades not weeks. 

On the other hand, as new models of cars come out 
every year, they open up new problems with every 
redesign. Even more importantly, only recently have 
car manufacturers started considering security 
during the design stage. So, while the latest models 
may be more secure, there are plenty of models still 
around which are easy targets. 

When you move on to look at computer security, the 
scene becomes even more frightening. For a start, the 
industry is changing at an ever increasing pace. 
Where something was just a concept yesterday, it is 
today being sold as what you need to keep up, and 
is finally deployed everywhere within a year. 

At a more basic level, the underlying structure was 
never designed with security in mind and, no matter 
how much work is put into security of the higher 
level layers, it is all being built on a shaky 
foundation. 

These problems don't mean that security is 
impossible to achieve in the computing 
environment, but they do mean that it takes continual 
work. 

Looking at more concrete examples, prior to about 
1992, passwords were generally considered 
sufficient protection on most accounts, as the time 
taken to crack the average password was thought to 
be excessive. Today, most sites have access to 
systems that can crack passwords of up to six 
characters, through simple brute force methods, in 
just a few days. To make matters even worse, 
methods more efficient than simple brute force, such 
as dictionary lookups, are becoming common. 
Today, for secure access, one-time passwords and 
other authentication tokens are recommended. 

When looking at the network level, spoofing of 
addresses, i.e., where addresses within your 
network are forged by hackers outside your 
network, has been a theoretical possibility since 
the late 1980s. However, no one considered it when 
designing firewalls and other network protection, 
until hackers started using these mechanisms in 
scripts and programs to break into sites. Today, 
setting up access lists to block address spoofing is 
one of the first items considered for packet filters. 
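
As an added illustration (not part of the original article), the following Python example models the anti-spoofing access list described above: a packet that arrives on the external interface carrying one of the site's own source addresses is dropped. The address ranges, interface names and sample packets are constructed assumptions, and the outbound check goes one step beyond the text.

```python
import ipaddress

# Constructed site layout using documentation address ranges (an assumption).
INTERNAL_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/25")]


def is_internal(addr):
    """True if addr belongs to one of the site's own networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def filter_packet(interface, src, dst):
    """Apply the anti-spoofing access list to one packet.

    interface is the router port the packet ARRIVED on: 'external' (facing
    the Internet) or 'internal' (facing the site). Returns (verdict, reason).
    """
    if interface == "external":
        # Nobody outside can legitimately send from one of our addresses.
        if is_internal(src):
            return ("drop", "spoofed internal source from outside")
        if not is_internal(dst):
            return ("drop", "not addressed to this site")
        return ("pass", "inbound ok")
    if interface == "internal":
        # Outbound side of the same rule: our hosts must use our addresses.
        if not is_internal(src):
            return ("drop", "foreign source leaving the site")
        return ("pass", "outbound ok")
    raise ValueError("unknown interface: %r" % interface)


# Constructed sample traffic: (arrival interface, source, destination).
SAMPLE_PACKETS = [
    ("external", "203.0.113.9", "192.0.2.10"),     # ordinary inbound
    ("external", "192.0.2.77", "192.0.2.10"),      # forged inside address
    ("external", "198.51.100.200", "192.0.2.10"),  # outside our /25, so genuine
    ("internal", "192.0.2.10", "203.0.113.9"),     # ordinary outbound
    ("internal", "203.0.113.50", "203.0.113.9"),   # source we do not own
]


def run_samples():
    """Return the verdict for each constructed sample packet, in order."""
    return [filter_packet(*pkt)[0] for pkt in SAMPLE_PACKETS]


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", filter_packet(*pkt))
```

The decision depends on the arrival interface as well as the address, which is why the rule belongs on the border packet filter rather than on individual hosts.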

Looking to the future, encryption is now being sold 
as the way to ensure security of data transmissions 
and related activities. While this may be true today, 
next year or the year after, the current methods will 
be broken by some "unexpected" method. This may 
be brute force or it may be through detailed analysis. 

Even just looking at the history of encryption over 
the past few years, it has been a continuing battle 
between cryptographic designers and cryptographic 
crackers. When Rivest, Shamir and Adleman 
published a challenge in Scientific American in 
August 1977 to anyone who could decrypt a 
message using the, then new, public-key encryption 
system, they claimed that it would take 40 
quadrillion years running time to break the message. 

The message was broken in April 1994, after a 
period of only eight months using 1600 systems 
throughout the world! 

The reason for the "rapid" breaking of the code was 
the increase in computing power and the use of 
different algorithms and methods than originally 
envisaged by the designers. 

The most widely used public-domain encryption 
program, PGP, has itself been affected by these 
changes. When it was originally released, it 
supported a key size of 384 bits. Today it is 
recommended that the minimum size used is 1024 
bits, and the latest version supports key sizes up to 
2048 bits. 

And now, by analysis of timing delays in network 
encryption systems, it is theoretically possible to 
crack network messages. While this is unlikely to be 
a problem in the short-term, it does show that 
unexpected techniques may affect currently 
"unbreakable" schemes. 

All this doesn't mean that security is not possible, 
but it does mean that continual monitoring and 
upgrading of any security system is a necessity. 
Whatever is in place today will certainly not be 
secure within a year, but which areas will be 
vulnerable cannot be predicted in advance. These 
holes will have to be closed as they become known. ♦ 


Summary of IDC 
Industry Briefing 

Phil McCrea 

I attended the annual IDC industry briefing recently. 
This is an event when IDC, the market research 
company that specialises in IT, lets us know what 
happened last year, and projects what is likely to 
happen in the next few years. Whilst a lot of the 
material is fairly dry, and it's a bit hard to 
concentrate in the afternoon after a generous lunch, 
it is a good opportunity to get a feel for trends in the 
industry, and of course to meet people. 

This article summarises the areas where UNIX was 
mentioned. 

Firstly it's reassuring to know that IDC believes 
UNIX is alive and well, particularly in the mid-range, 
or multi-user area, also called the 'server' 
market. Philippe de Marcillac, the visiting IDC Vice- 
president, reported that NT was starting to make 
inroads into this area, but that "UNIX will not be 
displaced easily". UNIX in fact is moving up-market 
and dominates the high end of the server market, 
where high availability and mission critical systems 
are important. Those of us who have been involved 
with UNIX for some time will chuckle a little over 
this—several years ago UNIX was considered to be 
too boffinish to be in any way trustworthy! 

The two other operating systems in the high end of 
the server market are OS/400 and VMS. Whilst there 
is still a strong installed base of these two operating 
systems, there is very little growth—only around 5% 
last year, compared to UNIX's whopping growth of 
31%! 

These good UNIX figures are tempered somewhat, 
however, by poor performance in the UNIX 
workstation area, which actually shrunk last year in 
dollar terms, although shipments were up. This is 
due mainly to the ever improving 
price/performance of PCs, which are threatening the 
UNIX workstation 'space'. 

In terms of vendors, HP dominates the UNIX 
midrange area by a fair margin, with almost 30% of 
revenue in this area last year. However, both IBM 
and DEC exceeded HP's revenue in the midrange 
area, thanks to their proprietary operating systems, 
although with the huge anticipated growth rate for 
UNIX, this situation will not last more than another 
year or so. 

In the UNIX workstation area, Sun is dominant by a 
country mile, with 40% of units shipped, and about 
30% of revenue. The big improver in this area is SGI, 
who almost doubled their shipments last year, 
although with very little revenue increase. 

There were a couple of interesting gems from some 
other speakers. Tony Langman compared the 
current IT industry with the car industry from the 
1930s. He showed an advertisement for a 1935 
Chrysler Plymouth from York Motors, Sydney. The 
advertisement concentrated on technical features of 
the vehicle in some detail, such as the cooling 
system, brakes, and suspension. By comparison, 
contemporary advertisements for cars concentrate 
on areas such as driver comforts—i.e., on the 'user'. 
He then showed a recent advertisement for a PC, 
replete with jargon such as 16Meg memory, 1 Gbyte 
disk, 100MHz processor, PCMCIA, etc. It's clear that 
the IT industry still has an obsession with itself—it's 
users who buy computers now, not boffins! As it 
matures, advertising will begin to focus on the user. 

One final point was worth noting. Peter Hind 
summarised a recent comprehensive survey of MIS 
managers that he had carried out. Lots of interesting 
figures, but the most interesting statistic to emerge 
was the response to a question on whether they used 
the Internet today for electronic trading. 10% of 
respondents indicated they were—but a whopping 
60% said they would be by the end of 97!! 

A second interesting result of the survey is the 
intention of most organisations to install Intranets. 

In summary, the briefing indicated that UNIX 
people need have no fears about job security—UNIX 
is alive and well, and growing at a healthy rate. But 
when you add the Internet, which after all is a 
creature of UNIX, into the equation, the situation is 
looking very rosy indeed! ♦ 


Internet Censorship 

Robin Whittle 

The debate about Internet censorship encompasses 
some diametrically opposed views, including the 
proposal of the NSW Government to impose harsh 
criminal penalties for any networked 
communications, including e-mail, which would be 
classed as "Mature Adult" or beyond in the film 
classification scheme. 

This article highlights some of the problems in the 
current debate and points to the solution for 
protecting children. More detailed information is 
available from 

http://www.ozemail.com.au/~firstpr/contreg. 

Internet communications will soon provide adults 
with an unprecedented level of control over access 
to resources by the children in their care. The 
sophistication of control offered by the Platform for 
Internet Content Selection (PICS - 
http://www.w3.org/pub/WWW/PICS) far 
exceeds that which is possible with current Internet 
filter software such as "Net-Nanny" or with the 
V-Chip proposal for television. 

Those who support Internet censorship and those 
who oppose it agree on at least one human value: 
that adults must provide children with a safe and 
supportive environment in which to play and learn. 

Differing human values are significant in the dispute 
about censorship of communications between 
consenting adults. One view is that community 
standards must be protected. Another is that free 
speech is of paramount importance. A third is that 
no single set of standards is appropriate to all 
citizens of multicultural Australia, so adults should 
not be constrained by one official "community 
standard". 

The child protection and adult censorship debates 
are often confused. There is insufficient 
understanding of the value of the new PICS protocol 
and how impractical and unnecessary it is to attempt 
to censor Internet communications. Much of this 
confusion arises from poor understanding of the 
Internet and from the belief that it is a broadcast 
medium. 

The Internet most closely resembles the postal 
network and the telephone system. It is not a 
broadcast or mass medium at all. It is a bidirectional, 
point-to-point, global communications 
network—three of the many factors which 
distinguish it from the unidirectional, one-to-many, 
nationally confined distributive model of 
broadcasting. 

Some Internet high level protocols support 
publishing, based on user driven requests of 
material from millions of sources—including from 
domestic users. Broadcasting involves a relatively 
small number of source controlled streams of 
material which viewers simply switch between. 

With cryptography and the inherent flexibility of the 
Internet, it is impossible to reliably block or monitor 
communications between motivated 
individuals—just as it is impossible to censor the 
postal service or the telephone network. 

The clearly desirable goal of thwarting criminal 
communication—including paedophiles transferring 
image files—is unfortunately impossible to achieve. 
With or without Internet communications, for better 
and for worse, we are now in an era of extreme 
information fluidity in which every barrier to 
information flow can be bypassed in several ways. 

How then are we to protect children from unsuitable 
material? 

Three of the four proposals for protecting children 
from unsuitable material are unworkable. The 
fourth, based on the PICS protocol, is very 
promising. 

The first proposal is to censor "Internet content" at 
its source. While this might be achieved, at 
tremendous social cost, within a single country, it is 
obviously impossible on a global scale. 

The second proposal is to install simple software in 
the user's PC to detect "banned" words. Thus an 
incoming text file which includes the word "breast" 
could be blocked entirely. This cannot work with 
image files and is such a blunt and poorly directed 
approach as to be unworkable. 

The third approach is to block information packets 
being sent to or from particular IP addresses. This 
can be accomplished in the home PC or, with much 
greater difficulty, in the ISP's router. The immediate 
effect is to block all communication with specific 
computers—for instance a single computer which 
provides e-mail, FTP, WWW and many other 
services for an entire university. 

This "IP address blocking" is a coarse and disruptive 
method of blocking access to Internet resources. It is 
also completely ineffective, since even a child can 
configure their WWW browser to use one of the 
many publicly accessible HTTP proxy servers 
anywhere in the world. This enables them to access 
any site via the proxy, completely bypassing local 
barriers to particular IP addresses. 


The fourth approach is software to control access 
according to PICS ratings labels. Netscape, Microsoft 
and other companies plan to integrate this into their 
browser products by late 1996. This software uses 
external sources of ratings about Internet resources, 
enabling adults to fine tune the access criteria for 
each child in their care. 

Before the browser software accesses each file or 
Internet resource, it first requests labels regarding 
that resource from one or more PICS label 
servers—which could be anywhere in the world. 
These labels contain ratings according to any 
number of value systems—for instance several 
different aspects of child suitability. Within a few 
seconds the access control software receives these 
labels and uses their ratings to decide whether to 
request and display each file or image, according to 
thresholds set by the adult. 
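
The decision step described above can be shown in code. This is an added example, not part of the original article or of any browser: it parses a simplified single-resource PICS-1.1 label and compares its ratings with per-child thresholds. The rating service URL, category names, labels and profiles are all constructed assumptions.

```python
import re

# Simplified PICS-1.1 label: one service, one "for" URL, one ratings list.
LABEL_RE = re.compile(
    r'\(\s*PICS-1\.1\s+"(?P<service>[^"]+)"\s+labels\s+(?P<options>.*?)'
    r'\s*ratings\s*\((?P<ratings>[^()]*)\)\s*\)', re.S)


def parse_label(text):
    """Parse one label into a dict, or return None if it is malformed."""
    m = LABEL_RE.search(text or "")
    if not m:
        return None
    target = re.search(r'\bfor\s+"([^"]+)"', m.group("options"))
    tokens = m.group("ratings").split()
    if target is None or len(tokens) % 2:
        return None
    try:
        ratings = {tokens[i]: float(tokens[i + 1])
                   for i in range(0, len(tokens), 2)}
    except ValueError:
        return None
    return {"service": m.group("service"), "for": target.group(1),
            "ratings": ratings}


def decide(url, label_text, thresholds, trusted_service, allow_unlabelled=False):
    """Return (allowed, reason) for one resource and one child's thresholds."""
    label = parse_label(label_text)
    if (label is None or label["for"] != url
            or label["service"] != trusted_service):
        # No label, a label for another URL, or one from an untrusted service.
        return (allow_unlabelled, "no usable label for this resource")
    for category, limit in thresholds.items():
        value = label["ratings"].get(category)
        if value is None:
            return (False, "label does not rate '%s'" % category)
        if value > limit:
            return (False, "%s %g exceeds limit %g" % (category, value, limit))
    return (True, "all ratings within thresholds")


SERVICE = "http://ratings.example/v1"      # hypothetical rating service
LABELS = {                                 # constructed label server replies
    "http://site.example/games.html":
        '(PICS-1.1 "http://ratings.example/v1" labels for '
        '"http://site.example/games.html" '
        'ratings (violence 3 nudity 0 language 1))',
    "http://site.example/homework.html":
        '(PICS-1.1 "http://ratings.example/v1" labels for '
        '"http://site.example/homework.html" '
        'ratings (violence 0 nudity 0 language 0))',
}
PROFILES = {                               # thresholds set by the adult
    "age 7": {"violence": 1, "nudity": 0, "language": 0},
    "age 14": {"violence": 3, "nudity": 0, "language": 2},
}


def check(child, url):
    """Look up the label for url and apply the named child's thresholds."""
    return decide(url, LABELS.get(url), PROFILES[child], SERVICE)


if __name__ == "__main__":
    for child in PROFILES:
        for url in list(LABELS) + ["http://site.example/unrated.html"]:
            print(child, url, check(child, url))
```

Unlabelled resources are refused unless the adult sets allow_unlabelled, which is the policy choice that determines how much of the unrated Internet a child can reach.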

PICS based filtering can only be done within the 
user's PC. It cannot be achieved or imposed by the 
ISP or government. It does not censor adult use of 
the Internet. PICS enables a sophistication of control 
far beyond what most participants in this debate 
have so far imagined—while attempts to block 
access to "sites" or censor material at its source offer 
little or no protection at all. 

Robin Whittle's consultancy, First Principles, 
specialises in telecommunications, privacy and 
music marketing. firstpr@ozemail.com.au 
Ph. 03 94592889 ♦ 


Paying on the Net 

Phil McCrea 

Currently the Internet is being used mainly for 
advertising. Most organisations have created a home 
page of sorts, even if it's only for the purposes of 
sticking their toe in the water. Simple Web pages can 
be put together quite easily, using authoring tools 
like PageMill or Microsoft's new FrontPage. 

The business model with Web advertising is much 
like any other form of advertising—organisations or 
business wishing to promote themselves pay the 
company hosting the material on the Web. There is 
no cost to the person looking at the advertising. 

A few companies have moved from the advertising 
model to a purchasing model, where catalogues are 
displayed on the Web and users make purchases 
using a credit card. In this respect Web purchasing is 
like mail-order shopping. Web shopping is more 
popular in the US than it is here, not because 
Americans are more adventurous necessarily, but 
because mail-order shopping is much more part of 
everyday life in the US than it is here. 

The only method of payment at present on the Web 
is credit, and the main credit card companies are 
positioning themselves for a major increase in 
business due to Web shopping. The business model 
here is transaction based: the credit card companies 
take a certain percentage of all transactions that take 
place. 

The main impediment to credit card use on the Web 
is the question of security: people feel uncomfortable 
about placing their credit card details in 
'cyberspace', knowing that it is comparatively easy 
for someone to snoop somewhere along the line. The 
situation is looking much better now, with the two 
main players—Microsoft and Visa—having agreed 
on a common security protocol, SET. Most of the 
other credit card companies will fall into line. It will 
be only a matter of time before the standard 
browsers will incorporate software to implement 
SET in future releases of their software. We will then 
have the option of a pulldown menu which says 
'send the next e-mail message encrypted'. There will 
then be some dialogue as you enter encryption key 
details. 

One of the problems with credit card use is its 
cost—typically several percentage points, up to as 
high as 10% for use in a taxi. This mark-up covers 
the cost of credit card processing, which is a manual 
process, as well as covering the cost of fraud. 
Transactions from Web credit card purchasing enter 
the current paper system, and therefore are subject 
to the same costs as manual use of the cards. As a 
result credit cards cannot be used for small Web 
purchases, such as, say, a daily newspaper. 

Electronic cash, or ecash, is a new Internet based 
payment method which is entirely electronic—there 
is no human intervention in the settlement process, 
and as a result it can be used for very small 
purchases, in the order of cents, and lower. Here's 
how it works: your bank is 'ecash enabled', and you 
make a 'withdrawal' of a certain amount of 'coins' 
from your bank. This money sits on your disk until 
you use it—much in the same way as money in your 
wallet. You then go Net shopping and decide to 
make a purchase from a merchant who accepts 
ecash. You e-mail the ecash to the merchant, and it 
automatically increments the merchant's bank 
account. 

At the same time, your bank and the merchant's 
confer to make sure that the coins you have tendered 
have not been used before. 


This is a functional description, and the details are 
actually a bit more involved. One interesting feature 
of electronic cash is that the issuing bank need not 
know where the money is used, so purchasing can 
be anonymous, like paper cash. 
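
The two properties described above, the double-spending check and a bank that cannot tell where a coin is used, can be demonstrated together. This is an added example, not part of the original article: it uses an RSA blind signature, one known way to obtain that anonymity, and the article does not say which scheme any vendor uses. The key is built from two small Mersenne primes so that the code runs instantly; it is a toy size and the class and function names are assumptions.

```python
import hashlib
import math
import secrets


def coin_digest(serial, n):
    """Map a coin's serial number to the integer that the bank signs."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % n


class Bank:
    def __init__(self):
        # Mersenne primes 2^61-1 and 2^89-1: toy-sized key, NOT secure.
        p, q = 2**61 - 1, 2**89 - 1
        self.n, self.e = p * q, 65537
        self._d = pow(self.e, -1, (p - 1) * (q - 1))   # private exponent
        self.withdrawal_log = []    # everything the bank sees at withdrawal
        self.spent = set()          # serials of coins already deposited

    def sign_blinded(self, blinded):
        """Withdrawal: sign a value the bank cannot read."""
        self.withdrawal_log.append(blinded)
        return pow(blinded, self._d, self.n)

    def deposit(self, serial, signature):
        """Merchant deposit: verify the coin, then refuse double spending."""
        if pow(signature, self.e, self.n) != coin_digest(serial, self.n):
            return "rejected: bad signature"
        if serial in self.spent:
            return "rejected: coin already spent"
        self.spent.add(serial)
        return "accepted"


def withdraw_coin(bank):
    """Customer side: create a coin and have it signed blind."""
    serial = secrets.token_bytes(16)            # random serial number
    m = coin_digest(serial, bank.n)
    while True:                                 # blinding factor coprime to n
        r = secrets.randbelow(bank.n - 2) + 2
        if math.gcd(r, bank.n) == 1:
            break
    blinded = (m * pow(r, bank.e, bank.n)) % bank.n
    signed_blinded = bank.sign_blinded(blinded)
    # Removing the blinding factor leaves an ordinary signature on m.
    signature = (signed_blinded * pow(r, -1, bank.n)) % bank.n
    return serial, signature


if __name__ == "__main__":
    bank = Bank()
    serial, signature = withdraw_coin(bank)
    print("first deposit :", bank.deposit(serial, signature))
    print("second deposit:", bank.deposit(serial, signature))
    print("bank saw the coin at withdrawal:",
          coin_digest(serial, bank.n) in bank.withdrawal_log)
```

The bank's withdrawal log never contains the value it later sees at deposit, yet the signature still verifies, and the spent-serial set is what catches a coin tendered twice.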

There are several companies vying for electronic 
cash market share at present, notably the Dutch 
company, Digicash, and Cybercash from the US. 
Digicash has recently established an office in 
Australia. 

Payment on the internet will be a hot area in the next 
12 months. Watch this space...♦ 


UniForum NZ'96 

Frank Crawford 

AUUG is not alone in the UNIX world or even in this 
region, and while most members know of USENIX 
and UniForum in the USA, they are less aware of 
many of the other organisations throughout the 
world. In particular, there are many UNIX groups 
affiliated with UniForum (as is AUUG), and recently 
I attended the annual conference of one of them, 
UniForum NZ, the New Zealand UNIX user's group. 

This conference was held in Rotorua from the 21st to 
the 25th of May, consisting of two days of tutorials 
and three days for the conference. While the 
conference was not as big as an AUUG conference, it 
attracted over 140 people from various regions and 
sectors throughout New Zealand. As well, it also 
attracted a large number of overseas attendees, with 
over a dozen people from the USA and Australia. 

The theme of the conference was "UNIX++" and was 
intended to cover much more than just the 
traditional UNIX operating system. The intent was 
to look at the evolution of UNIX, where it is going, and 
how individuals and organisations can exploit 
information to gain business advantage. 

The structure of the conference was a keynote 
session, followed by a number of streams, titled 
"Mainly Management", "Technically Tilted" and 
"Workshop Wonders", and closing with a plenary 
session bringing all the streams back together again. 
The sessions in the "Mainly Management" and 
"Technically Tilted" streams were generally 40mins, 
while the "Workshop Wonders" ran for 90mins, and 
were aimed at a much more in depth coverage of a 
particular topic. 

The topics covered at the conference ranged from 
the traditional UNIX utilities and enhancements, to 
technical presentations by vendors and onto such 
topics as data mining and case studies of open 
systems and IT in industry and government. In all, 
the topics had something for all the attendees, from 
highly technical presentations to industry overviews. 

The attendees at the conference reflected the range 
of topics, and unlike AUUG's Winter conferences, 
there were a large number of students and 
academics discussing their work in the UNIX and 
Open Systems area. From the management side, 
there were probably fewer senior managers, but 
there were representatives from all areas of IT in 
New Zealand. These people tended to be those 
closer to the "coal-face", often having a role in both 
management and technical support. 

One interesting point about the conference was the 
number of overseas visitors who had been to 
previous UniForum NZ conferences. They found the 
conference to be both of a high quality, and more 
importantly, fun. And this was one of the big 
highlights of the conference: it was an enjoyable 
conference, for a number of reasons. 


The first was the program: it was interesting, but not 
too slanted in any particular direction. First time 
UNIX users were catered for just as much as UNIX 
experts. The size of the conference also contributed 
to the quality: it was neither too big nor too small. 
Many of the people knew each other, sometimes 
from previous conferences, but they were friendly, 
making first time attenders welcome. 

Another element to the enjoyment was the social 
program: there were activities on most nights, and 
generally, these catered for partners and even 
children, so it was possible to bring the entire family 
without feeling that they would be bored. As an 
example in the different emphases between AUUG 
conferences and UniForum NZ, there were two 
engagements announced at UniForum NZ, 
demonstrating the fellowship most people felt there. 

All in all, UniForum NZ'96 was a successful 
conference, achieving the goals set by the organisers, 
including making it an enjoyable event. At the same 
time, they had a good technical content making it 
worthwhile for organisations to send their people. ♦ 

UNIX Tricks & Traps 

Subeditor: Gunther Feuereisen <gunther@agsm.unsw.edu.au> 

Tel: 02 9931 9314 Fax: 02 313 7279 

Hi Everyone! I'll be helping out with the "Tricks & Traps" column while Janet is away. However we still need 
contributions from all of you out there! It's your ingenuity and approach to problem solving which makes 
this column tick. 

To start the ball rolling, I thought I'd jump in first with a simple look at how you can use ports to debug 
errant daemons—something I seem to do a lot of, without thinking much of! 

As always, contributions are very welcome. 

See you next time! ♦ 

Debugging Ports: A Daemon of a Problem 

Ever tried telnetting to port 25? Sure you have. We all have. A lot of people don't realise how wonderful this 
feature of UNIX's design is. 

The other day I was upgrading our popserver to a new release, and found that it didn't work when trying to 
pop off mail. The fix? Talk to the pop daemon directly and find out what it's complaining about. 

The popper I was installing was the Qualcomm daemon, qpopper2.1.4 on an RS/6000 running AIX 4.1.4. It 
had a nice AIX makefile, and everything looked okay. 

I ran the makefile, installed, updated /etc/services and inetd.conf, and then did a kill -1 on inetd. 

I tried connecting to the popserver via Eudora and got an error. 

At this point, rather than reading through copious amounts of source code, I decided to talk to the popper 
directly: 

coral:[/home/gunther] $ telnet coral 110 
Trying... 
Connected to coral.agsm.unsw.edu.au. 
Escape character is '^]'. 
+OK QUALCOMM Pop server derived from UCB (version 2.1.4-R3) at coral.agsm.unsw.. 
user gunther 
+OK Password required for gunther. 
pass ****** 
-ERR System error, can't create temporary file. 
+OK Pop server at coral.agsm.unsw.edu.au signing off. 
Connection closed. 

Ok, obviously one of two things is occurring. File permissions are wrong somewhere, or it's trying to create 
files somewhere it is not supposed to. 

Looking at the source code, and not feeling like reading it, I used grep to find me what file contained that 
error message: 

coral:[/sysadm/src/qpopper2.1.4] # grep 'System error' *.c 
pop_dropcopy.c: "System error, can't create temporary file."); 
pop_dropcopy.c: "System error, can't open temporary file, do you own it; 

Well, as a primitive guess, if it were a permission problem, we would have got the second line as an error, so 
obviously it cannot create the file, which means the directory it wishes to use isn't there. 

Looking at pop_dropcopy.c and using a regex to find that error: 

/* First create a unique file. Would prefer mkstemp, but Ultrix...*/ 
strcpy(template,POP_TMPDROP); 
if (((tfn=mkstemp(template)) == -1) || 
    ((tf=fdopen(tfn, "w+")) == NULL)) { /* failure, bail out */ 
    pop_log(p,POP_PRIORITY, 
        "Unable to create temporary temporary maildrop '%s' : %s", template, 
        (errno < sys_nerr) ? sys_errlist[errno] : "") ; 
    return pop_msg(p,POP_FAILURE, 
        "System error, can't create temporary file."); 
} 


So, the error happens when template cannot be opened, which is POP_TMPDROP. 

Using grep again: 

coral:[/sysadm/src/qpopper2.1.4] # grep POP_TMPDROP * 
INSTALL: may want to change the value of POP_DROP, POP_TMPDROP, and 
pop_dropcopy.c: strcpy(template,POP_TMPDROP); 
popper.h:# define POP_TMPDROP POP_MAILDIR "/tmpXXXXXX" 
popper.h:# define POP_TMPDROP "/usr/mail/tmpXXXXXX" 
popper.h:# define POP_TMPDROP "/var/mail/tmpXXXXXX" 
popper.h:# define POP_TMPDROP "/usr/spool/mail/tmpXXXXXX" 
popper.h: * defined by POP_TMPDROP. POP_DROP and POP_TMPDROP 


Well, surprise, surprise, it was defined in popper.h. Looking at popper.h, the various entries are for 
specific OS types. For AIX we find: 

#if defined(SYSV) && !defined(POPSCO) && !defined(LINUX) 
# define POP_MAILDIR "/usr/mail" 
# define POP_DROP "/usr/mail/.%s.pop" 
# define POP_TMPDROP "/usr/mail/tmpXXXXXX" 
# if defined(AUX) || defined(AIX) 
# define POP_TMPXMIT "/tmp/xmitXXXXXX" 
# else 
# define POP_TMPXMIT "/usr/mail/xmitXXXXXX" 
# endif 
# define MAIL_COMMAND "/usr/lib/sendmail" 
# define OSDONE 
#endif 

Hello. POP_TMPDROP points to /usr/mail/tmpXXXXXX. Now, for those of you who don't realise the 
significance, in AIX 3.2.5 /usr/mail -> /usr/spool/mail (well, /var/spool/mail actually, but 
/usr/spool/mail points there also), but in AIX 4.1.* there is no /usr/mail, only /usr/spool/mail. 

The fix, change the directory: 

#if defined(SYSV) && !defined(POPSCO) && !defined(LINUX) 
# define POP_MAILDIR "/usr/spool/mail" 
# define POP_DROP "/usr/spool/mail/.%s.pop" 
# define POP_TMPDROP "/usr/spool/mail/tmpXXXXXX" 
# if defined(AUX) || defined(AIX) 
# define POP_TMPXMIT "/tmp/xmitXXXXXX" 
# else 
# define POP_TMPXMIT "/usr/spool/mail/xmitXXXXXX" 
# endif 
# define MAIL_COMMAND "/usr/lib/sendmail" 
# define OSDONE 
#endif 


Recompile and reinstall. Let's test it again: 

coral:[/home/gunther] $ telnet coral 110 
Trying... 
Connected to coral.agsm.unsw.edu.au. 
Escape character is '^]'. 
+OK QUALCOMM Pop server derived from UCB (version 2.1.4-R3) at coral.agsm.unsw.. 
user gunther 
+OK Password required for gunther. 
pass ****** 
+OK gunther has 0 message(s) (0 octets). 
quit 
+OK Pop server at coral.agsm.unsw.edu.au signing off. 
Connection closed. 

Problem solved. 

What I hope I've shown is that by direct interaction with a daemon, by telnetting to the port it operates on, 
and then sending command requests, it is possible to detect, diagnose and solve any problems related to the 
running of an errant daemon. 
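
The manual telnet session above can also be scripted so that the same check is repeatable after every rebuild. This is an added example, not code from the column or from qpopper: it sends USER, PASS, STAT and QUIT and reports the first reply that is not +OK. The function names are assumptions, and the small stand-in daemon is constructed so that the example runs without a real POP server.

```python
import socket
import threading


def pop3_dialogue(sock, user, password):
    """Run USER/PASS/STAT/QUIT on a connected socket.

    Returns (transcript, first_error). transcript is a list of
    (what we sent, server reply) pairs with the password masked;
    first_error is the first reply that is not +OK, or None.
    """
    transcript, first_error = [], None
    with sock.makefile("rb") as rfile:
        def reply():
            return rfile.readline().decode("latin-1").rstrip("\r\n")

        banner = reply()
        transcript.append(("<connect>", banner))
        if not banner.startswith("+OK"):
            return transcript, banner or "connection closed without a banner"
        for cmd in ("USER " + user, "PASS " + password, "STAT", "QUIT"):
            sock.sendall(cmd.encode("latin-1") + b"\r\n")
            line = reply()
            shown = "PASS ******" if cmd.startswith("PASS ") else cmd
            transcript.append((shown, line))
            if not line.startswith("+OK"):
                first_error = line or "connection closed by server"
                break                       # stop at the first complaint
    return transcript, first_error


def probe(host, port=110, user="", password="", timeout=10.0):
    """Connect to a real daemon, as 'telnet host 110' does."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return pop3_dialogue(sock, user, password)


def constructed_popper(sock, tmpdrop_dir_exists):
    """Constructed stand-in for the daemon, modelled on the article's replies."""
    with sock, sock.makefile("rwb") as f:
        def say(text):
            f.write(text.encode("latin-1") + b"\r\n")
            f.flush()

        say("+OK constructed POP server ready")
        f.readline()                                    # USER
        say("+OK Password required.")
        f.readline()                                    # PASS
        if not tmpdrop_dir_exists:
            say("-ERR System error, can't create temporary file.")
            return
        say("+OK mailbox has 0 message(s) (0 octets).")
        f.readline()                                    # STAT
        say("+OK 0 0")
        f.readline()                                    # QUIT
        say("+OK signing off.")


def demo(tmpdrop_dir_exists):
    """Run the dialogue against the stand-in over a local socket pair."""
    client, server = socket.socketpair()
    threading.Thread(target=constructed_popper,
                     args=(server, tmpdrop_dir_exists), daemon=True).start()
    with client:
        return pop3_dialogue(client, "gunther", "constructed-password")


if __name__ == "__main__":
    for exists in (False, True):
        transcript, error = demo(exists)
        for sent, got in transcript:
            print("%-14s %s" % (sent, got))
        print("first error:", error, "\n")
```

Because the transcript masks the PASS line, it can be pasted into a problem report without exposing the mailbox password.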

A pop daemon is only one example. Some of your other common ones include: 

SMTP port 25 

Great for diagnosing problems with e-mail and finding out exactly where someone's e-mail is going to, or 
should be going to. 

NNTP port 113 

If you get really adventurous, write your own newsreader. Otherwise read articles straight off your 
newsserver. A silly way to do it—but it does amaze onlookers ;-) 

HTTPD port 80 

Wonder why that pesky web server isn't doing what you told it to do? Talk to it directly and find out what it 
thinks is the way of the world. Suddenly everything will be made clear. 

Check out your RFCs for the protocols and their corresponding commands, and get chatting one-to-one with 
your friendly daemon. ♦ 


'/TCP/IP Network Services. 

/ Unix Systems Administration Services. 
/ Unix-MS Windows Integration. 

/ Internet Security & Firewalls. 

/ Client/Server Software Development. 

Cybersource is a TCP/IP Network and Unix 
Systems specialist. We have been designing, 
installing and administering heterogeneous 
WANs and LANs since 1991. Our staff are 
experienced in ail aspects of internetworking, 
including administrating hosts, configuring 
routers and terminal servers, security and 
firewalls, DDS and ISDN links. For further 
information, please contact: 



Cybersource Ply Ltd acn: 053 904 082 
Level 8,140 Queen St, Melbourne 3000 
Phone: +61 3 9642 5997 Fax: +61 3 9642 5998 
Email: info@cyber.com.au http://www.cyber.com.au/ 
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Help us celebrate 10 years of 
UNIX and Internet publishing ! 



Java in a Nutshell is the complete 
quick reference guide to Java, the 
hot new programming language 
from Sun Microsystems. 


ISBN 1-56592-1B3-6 





Learning Perl 

This book is the official guide for 
both formal and informal learning 
and is fully accessible to the novice 
programmer. 

ISBN 1-56592-042-2 



Porting UNIX Software 

This is the first book to deal with the 
whole life cycle of porting software 
on UNIX, from obtaining software to 
building the documentation. 
ISBN 1-56592-126-7 




UNIX in a Nutshell 
System V 

You will find this essential book on 
bookshelves everywhere; it's one of 
our bestselling books. 

ISBN 1-56592-001-5 



CGI Programming on 
the World Wide Web 

This book is a comprehensive 
explanation of CGI and related 
techniques for people who hold on 
to the dream of providing their own 
information servers on the Web. 
ISBN 1-56592-168-2 



Essential System 
Administration 
2nd Edition 

Ask any systems administrator, this 
book, newly updated is required 
reading. 

ISBN 1-56592-127-5 



TCP/IP Network 
Administration 


Here is a complete guide to setting 
up and running a TCP/IP network for 
administrators of networks of sys¬ 
tems or lone home systems that 
access the Internet. 

ISBN 0-93717-582-X 



DNS and BIND 


Whether you're an administrator 
involved with DNS on a daily basis, 
or a user who wants to be more 
informed about the Internet and 
how it works, you'll find this book is 
essential reading. 

ISBN 1-56592-010-4 



Networking 

Personal 

Computers 


Networking Personal 
Computers with TCP/IP 

This book offers practical information 
as well as detailed instructions for 
attaching PC's to a TCP/IP network 
and its UNIX servers. 

ISBN 1-56592-123-2 



sed & awk 


Shows you step by step how to use 
these power tools for editing. Ideal 
for people who create and modify 
text files. 

ISBN 0-93717-559-5 



HTML: The Definitive 
Guide 

This book covers the most up to 
date version of the HTML standard, 
plus all the common extensions and, 
in particular, Netscape extensions. 

ISBN 1-56592-175-5 


Ten successful years in the computer book and software publishing business. 
To us, that means we're helping people with no-nonsense, down-to-earth, tell 
it like it is information. Whether we're helping programmers understand C++, 
computer users explore the internet, or system administrators troubleshoot 
security with our book Building Internet Firewalls, we're glad we can be of 
service to our many customers around the world. 

Our goals for the next ten (and one hundred) years? We'll continue to publish 
our famous Nutshell Handbooks on all sorts of topics. We'll continue to 
explore the riches of the Internet. Most importantly, we'll stay abreast of 
what you need to know to make life (and your job) a little easier. 


CELEBRATING 



10 YEARS OF PUBLISHING 

O’REILLY 


Available from all participating stores. Call Woodslane for a store near you. Offer valid until 30th June 


Distributed in Australia by Woodslane Pty Ltd A.C.N. 003 677 549 Ph (02) 9970 5111 Fax (02) 9970 5002 
Book Reviews 

Sub-editor: Frank Crawford 

Another issue rolls around and we have books, 
books and more books reviewed by members of 
AUUG. In fact there are so many good books coming 
out that we can almost fill an edition of AUUGN 
just with them. This time we have books on IPv6, 
AIX performance tuning, Standard C, the X protocol, 
databases and best of all UNIX internals. These 
books are all relevant to many members of AUUG 
and should give you some thought about what to 
buy. 

Along with those being reviewed, we currently have 
lots of books coming for review. The current practice 
is to post a note to the mailing list 
<auug-books@ansto.gov.au> and the 
newsgroup aus.org.auug when we have new books 
available. Unfortunately, this disadvantages 
members without network connections, or on the 
end of a low speed link. For people in such a 
position, either mail, via the AUUG PO Box, or fax 
me on (02) 717 9273, with your contact details and 
preferences. ♦ 



IPv6: The New Internet Protocol 

by Christian Huitema 
Prentice-Hall 
1996, 188 pages 
ISBN 0-13-241936-X 

Reviewed by Mark Delany <markd@mira.net.au> 

Have you ever looked at the header of an IP packet 
and wondered "why on earth did they put that field 
there?" or "why did they squeeze all that 
functionality into so few bits?". Well, in the years to 
come people will ask the same sort of questions 
about IPv6. 

Christian Huitema in "IPv6 The new Internet 
protocol" provides an excellent explanation as to 
why various design decisions were made, what the 
trade-offs were and which contentious issues 
remain. And, as a former Chair of the Internet 
Architecture Board (IAB) Christian speaks with 
justifiable authority. 

In part, Christian provides a potted history of the 
development of IPv6, even dipping into the politics 
on occasions (I recall the workout that the IETF 
mailing list got at that time and Christian sensibly 
avoids re-opening old wounds). 

If that was all this book offered, it would still be of 
some merit to those interested in the intricacies of a 
new protocol. But IPv6 is far more than an exercise 
in protocol design; when deployed it will affect all of 
us in some way. 

While the looming address space crunch of IPv4 is 
the driving force behind IPv6, Christian makes it 
abundantly clear that address space is only one area 
affected by IPv6 when he discusses the impact on: 

• LAN administration 

• WAN administration 

• Router management 

• Security 

• Real/time capabilities 

• Network programming 

• Transition management 

• IP over ATM 

The impressive part about all this is that in 188 
pages, this book does address all those topics and 
more. In the area of security, one gets the feeling that 
Christian is offering little more than a transcription 
of the Internet drafts, but in all other cases he 
demonstrates a competent understanding of the 
subject. 

Of course the detail isn't sufficient to write a 
protocol stack, nor does it provide enough 
information to re-design the network layout of a 
large ISP, but it does create a solid framework along 
with plenty of links to more information. 

This is not to say the book is without faults. As 
seems inevitable these days, the editors have let 
through an irritatingly large number of 
typographical errors. Christian is French and I 
suspect that the editors could have spent a little 
more time polishing his English style to suit the 
target audience, (do we really "suppress fields" or 
"officialise" TTL behaviour?) I also find the staccato 
style of sentences. Rather hard to read. Especially to 
start with. 

In the end though this book is of significant value. 
It's audacious in its coverage, it assumes an 
intelligent reader, it clearly raises the awareness that 
IPv6 is far more than an address space solution and 
it provides a valuable insight into why the protocol 
is the way it is. ♦ 

AIX Performance Tuning 

by Frank Waters 
Prentice Hall 
1995, 316 pages 
ISBN 0-13-386707-2 

Reviewed by Matthew See <see.matthew.me@bhp.com.au> 

Read this book if you are interested in UNIX 
performance tuning. 

APT is a glossy version of the IBM manual SC23-2365-03 
"AIX Versions 3.2 and 4.1 Performance 
Tuning Guide", commonly referred to as "The Bible" 
of AIX performance tuning. This first edition of APT 
is essentially the same document as the Fourth 
Edition of the internal manual, except re-badged 
under the name of Frank Waters. 

The preface suggests that the enclosed material 
would be of use to programmers, system managers 
and end users, preferably with some AIX experience. 
Given that most end users would rather watch a 
snail race than know the workings of UNIX, this 
book would be more suited to programmers and 
administrators. At this level, APT works well, and 
would be a useful read for those of us into UNIX 
performance tuning or programming. 

The basic process of analysis, benchmarking and 
system tuning is covered in the opening section of 
the book. No rocket science, but good practical 
advice for the novice. 

Later sections contain detailed technical discussions 
based on each critical resource: the CPU, memory, 
disk and network subsystems. This forms the best 
part of APT, and successfully combines material 
from a range of technical and literary articles. Topics 
covered include system and application 
performance tuning, AIX performance tools, and of 
course, RS/6000 and AIX (3.2.5 through 4.1) 
performance issues. Included throughout are useful 
scripts, and plenty of hints on effective program 
design and programming techniques—very handy. ♦ 


Client/server Databases: 
Enterprise Computing 

by James Martin and Joe Leben 
Prentice-Hall 
1995, 352 pages 
ISBN 0-13-305160-9 

Reviewed by Greg Black 
Greg Black & Associates <gjb@gba.oz.au> 

My technical bookshelves have more volumes from 
Prentice-Hall than any other publisher and most of 
them are pretty good books. This one, covering the 
important topic of database software in the major 
modern computing environment, struck me as likely 
to be of interest to AUUGN readers—at least its title 
gave that impression. Sadly, although it probably 
won't do anybody serious harm, it's not likely to 
contribute much of value to most readers. 

I like technical books to identify their target 
audience clearly, as this allows people to avoid 
wasting time on material of little use to them. 
However, any book that lists so many groups of 
people and with such a spectacular range of 
competencies, is aiming so broadly that its coverage 
is probably going to be rather thin. In fact, with the 
exception of the final category (students), anybody 
from the list who needs this book has probably got 
their job under false pretenses and won't be able to 
escape detection after wading through it. 

First-year students who need an introduction to 
database software might find some value here, 
although even they are more likely to find it useful 
as a cure for insomnia than a source of hard 
information. 

The book is divided into five parts plus some 
appendices, a glossary and index. Part 1, 
"Information and Data", gives a very vague and 
general introduction. The few items of real 
information are all repeated several times, often in 
almost the same words. This practice of repetition 
becomes extremely tedious as you work your way 
through the book, as it's a real chore to force 
yourself to re-read the same stuff constantly just on 
the off-chance that there's something new buried 
inside it. 

Part 2, "Database Software", is mainly a historical 
coverage of the topic. Part 3, "The Client/Server 
Environment", discusses the theory of distributed 
computing in a very abstract fashion. Part 4, "The 
Relational Data Model", attempts to describe the 
basic theory behind this topic but throws more 
repetition than light on it. 
By far the longest, Part 5 goes into SQL in surprising 
detail and even provides a useful introduction to the 
topic for neophytes. However, even this is far from 
complete as a tutorial and is not likely to be a major 
reason for purchasing the book. And, since all the 
examples of embedded SQL are done in COBOL, all 
those funny people who want to use any of the half 
dozen other programming languages that are 
mentioned will be left in the dark. 

The Appendices cover QBE, "Codd's Relational 
Rules" and "Object-Oriented Databases" without 
adding much of substance. The Glossary includes 
terms that are not used in the book, while the Index 
misses important terms that are used (although 
some things that only appear in the Glossary are 
indexed). 

The front and rear end-papers both have a graphic 
display of "the James Martin books" which at first 
sight seems to include even more titles than the list 
on page ii, under a wide range of themes. However, 
closer inspection reveals that several titles get a run 
under two or three separate categories. And there 
lies a hint about the nature of this book—it seems 
that James Martin is in the business of producing 
books. 

The style of this book gives the impression that it 
was created more by cutting and pasting paragraphs 
from some general reservoir of words than by sitting 
down with a clear goal and writing original 
thoughts. Most of the text is abstract and wordy 
waffle. Most of the information is stated as fact 
without any kind of supporting explanation. And, 
from the point of view of AUUGN readers, the 
choice of Microsoft Access for illustrative purposes 
will be of limited usefulness. 

In the final analysis, here is a book that is written 
like one of those hastily cobbled-up newspaper 
stories—full of general statements that rarely convey 
the real truth, and with no hard information. At the 
end of the book, a reader would not be able to do 
anything new of any significance—not even evaluate 
client/server database software. I recommend 
leaving it on the shelves next time you are browsing 
in your favourite bookshop.♦ 


Volume 0: X Protocol Reference 
Manual 

Edited by Adrian Nye 
O'Reilly and Associates 

1995, 435 pages. Soft cover, high recycled content 
ISBN 1-56592-083-X 

Reviewed by John Chalk 
DSi Pty Ltd 

<john.chalk@datacraft.com.au> 

This book is volume 0 in the well known O'Reilly 
series devoted to the X Window System, updated for 
X11 Version 4, Release 6. 

Its aim is to provide a complete reference to the X 
Network Protocol. This refers to the underlying 
protocol, and not interface implementations or 
applications. If you feel compelled to ask "why volume 
0?", then this book is probably not for you. 

The intended audience is server implementors, 
client-library programmers, and application 
programmers who want to increase their knowledge 
of the underlying principles and protocol. 

My own experience includes administration of X 
terminals and supporting hosts, porting and support 
of X releases, and development of Motif 
applications, but not development of a server or of a 
client library. 

The three major parts of the book are: 

• conceptual introduction 

• reference section with an entry for each protocol 
request and event 

• 11 appendixes in a section describing various 
aspects in more detail 

The first section, the introduction, provides an 
excellent comprehensive overview of the X 
architecture which would be of value to anyone 
working at any level with X. It goes on to describe a 
sample session, and implementation issues in more 
detail which will be of value 
to implementors. The narrative style is not what one 
would normally expect of a reference manual, but 
the content is essential to an understanding of the X 
protocol and would not logically fit in any of the 
other library manuals in the series. 

The second section is strictly a reference section with 
an entry for every request and event in alphabetic 
order. This section would only be of interest to an 
implementor of servers or library code, or possibly, 
someone debugging a session with a trace tool, or 
the simply curious. 
The appendixes section provides more information 
on implementation details such as key symbols, 
errors, atoms, xlib to protocol mappings, bitmap 
distribution format, and so on. 

Generally the book has been produced to the usual 
high O'Reilly standard. I believe that this book 
would be most useful, and indeed essential, to 
implementors of X servers, and writers of low level 
client libraries. 

If you are an application developer, occasionally 
delving into Xt and Xlib, then your interface 
reference, combined with the Xt and Xlib references 
should meet most of your needs. If the budget is 
tight, then this book is not an essential. Having said 
that however, if your budget stretches to it, I could 
recommend the book solely for the introduction 
which provides an excellent overview which will be 
of value to anyone working with X. Some more 
specialised applications may require access to the 
references to BDF, interpretation of errors, or 
compound text encoding, for example. And of 
course in some quarters it is said that every 
comprehensive library should start with volume 0. ♦ 

Standard C: A Reference 

by P.J.Plauger and Jim Brodie 
Prentice Hall, 

1996, 248 pages + Diskette 
ISBN 0-13-436411-2 

Reviewed by Jamie Honan <jhonan@mpx.com.au> 

This book does an excellent job of describing and 
explaining the C standard. It is particularly useful in 
explaining the newer aspects—the so called 
amendment 1—support for large character sets. 

This is a reference book, you really have to know C 
to start with. Examples are only one or two lines to 
explain a point, they don't build into complete 
working programs. 

The detail in this book is excellent, subtle points are 
brought out. 

For example, did you know that if you write a binary 
file, it may have a number of null bytes appended to 
the end? (Not under UNIX, of course!) 

The syntax is explained with the help of "railroad 
diagrams", an excellent method of "finger tracing" 
correctness. 

The book also has detailed descriptions of header 
files and standard library calls. These are arranged 
by header file name, not by individual function 
name. To find an individual function you must 
consult the list at the end of the book for the relevant 
header file, then chase down that chapter. 

This approach takes a little getting used to if you are 
used to manuals that list functions alphabetically, 
but means that like functions are grouped with 
relevant manifest constants (#defines to you and me) 
and with an overall explanation as a chapter 
introduction. 

This is a very worthwhile book to have in your 
library if you program in C. The authors had a major 
role in the formation of the standard, they could 
hardly be more authoritative. 

This book is particularly pertinent to "older" C 
programmers who may have an older K&R 
(Kernighan and Ritchie's "White Book") reference 
lying around but never updated. Particularly 
important is the wide character information, 
indispensable for writing a standard C program that 
will be used in Asian language environments. 

The book comes with a diskette with the full book 
text in HTML (actually, the file names end in .HTM, 
you have to do a quick substitution: 

find . -name \*htm -exec mv {} {}1 \; 

worked for me. Presumably the assumption is that 
UNIX people like working this sort of thing out for 
themselves). 

While the diskette may be interesting, the handiness 
of the reference book can't be beaten. ♦ 

Digression: Book production values 

When reviewing "Standard C—A Reference" I was 
unimpressed by the physical state of the book. 

The first irritation is the (almost obligatory 
nowadays) diskette included. This little beast is 
glued to the inside back cover in a plastic sleeve. 
Presumably to deter thieves, the sleeve is stuck on in 
such a manner as to make removal almost 
impossible without wrecking the back cover. 

The covers are almost paper thin, in humid air they 
curl badly. 

Extracting the diskette, I put it aside for a while, 
inadvertently laying the diskette on the gluey plastic 
sleeve. 

The pair, diskette and sleeve, then attached 
themselves to the next surface. My fault, I suppose, 
but then prising apart sleeve and diskette forced the 
metal slider off the diskette. Fortunately it was still 
readable. 

The other "production value" quality which is 
lacking is editorial and layout control. 
Whilst typography and layout are matters of 
individual aesthetic preference, the heavy use of 
bold font jarred on me. 

Worse is the index. A good index is not simply the 
cleaned up output from a "grep". Many entries could 
have been culled as irrelevant, or at least, a "defined" 
tag would point the reader to the most pertinent 
reference. 

One specific example of an indexing problem was 
the "precedence table". 

This would be one of the most heavily consulted 
pages in a C reference manual, (let an old Kernighan 
and Ritchie "White Book" fall open and see what 
page is displayed). 

The index? "Precedence of operator, see Operator, 
precedence of". Okay, that leads to page 92, a section 
on the meaning of operator precedence. Reasonable 
enough, but no "table" entry in the index. The table 
happens to be on page 96, so it's not too hard to find. 

Books are expensive, and kept for some time. The 
modern trend in including poorly packaged 
diskettes and low production quality is annoying. ♦ 

UNIX Internals: The New 
Frontiers 

by Uresh Vahalia 
Prentice-Hall 
1996, 601 pages 
ISBN 0-13-101908-2 

Reviewed by Warren Toomey <wkt@cs.adfa.oz.au> 

I've got most of the books on the design of the UNIX 
kernels: Lions' commentary on 6th Edition UNIX, 
Bach's book on System V, the black book on 4.3BSD 
and Goodheart & Cox's book on System V R4. 

Except for the last, all of these books cover historical 
systems, and all cover only a single UNIX system. It 
was a pleasant surprise to stumble across a reference 
to Vahalia's new book "UNIX Internals: The New 
Frontiers" on the 'net, and to get a copy of it. 

Unlike the previous UNIX kernel books, this one 
covers several systems which are currently in use: 
System V R4, Solaris 2.x, 4.4BSD, Mach 3.0, and 
Digital UNIX. Vahalia introduces each topic of 
kernel design clearly and logically, and describes the 
design and implementation of each of the systems 
without any bias. Each implementation's advantages 
and disadvantages are explained, which serves to 
remind us that any large software design involves 
compromises between such factors as speed, 
efficiency and resource usage. 


The book is 600 pages long and the list of topics 
covered is enormous. Here are the top-level sections: 
Introduction and History, Processes and the Kernel, 
Threads and Lightweight Processes, Signals and 
Session Management, Process Scheduling, 
Interprocess Communications, Synchronisation and 
Multiprocessing, File System Interface and 
Framework, File System Implementations, 
Distributed File Systems, Advanced File Systems, 
Kernel Memory Allocation, Virtual Memory, The 
SVR4 VM Architecture, More Memory Management 
Topics, Device Drivers and I/O, Streams. If Prentice-Hall 
don't change their web server soon, the full 
table of contents can be found at 
http://www.prenhall.com/013/101907/10190-7t.html 

This book is already slightly dated, with no 
reference to the latest version of 4.4BSD-Lite, the free 
BSDs which have enhanced 4.4BSD-Lite, nor Linux. 
Some of these systems, I admit, are moving targets. 
Although Linux is not descended from AT&T UNIX, 
its comparison with the other systems covered 
would make a useful addition. One large omission is 
any treatment of sockets and the network stack in 
BSD. This is probably due to the complexity of this 
subsystem and the fact that there are already several 
books which cover the design and implementation of 
this subsystem. 

Vahalia's book isn't cheap either; my hardcover 
edition cost AUS$85 from the Co-op Bookshop. 
However, it is lucidly written and very readable, 
and impartially compares the design and 
implementation of the flavours of UNIX currently in 
use. Therefore I would highly recommend "UNIX 
Internals: The New Frontiers" to anyone interested in 
delving into the design and implementation of 
today's UNIX systems. ♦ 
From the Western 
Front 

Edited by Tom Hallam <thallam@geol.uwa.edu.au> 

Well I let things slip a bit over the last few months so 
I've got a bit of catching up to do. 

We've had some excellent talks over the last few 
months. The meeting reports have been a bit 
sporadic but that should get better. If your talk has 
been missed then please accept my apologies, it has 
nothing to do with the quality of the talk. By the 
way, anyone can put in a meeting report, you do not 
have to be asked. If you liked (or disliked) a 
particular meeting then send me a report or just a 
paragraph saying what you thought about it. 

WAUG members have been spawning processes (or 
should that be processors) left right and center. 
Congratulations to Janet and Glen for the birth of 
Samantha Dawn Jackson Huxtable. Samantha was 
born at 13:07 on Friday March 8th, and was 8lb 8oz 
and 50cm long. Congratulations also to Don and 
Ann for the birth of Jaydan Tony Griffiths. Jaydon 
was born at 09:09 on Saturday the 2nd of March 1996 
and was 7 pound 7ounces and 50.8 cm long. 

Last month was the AGM so we now have a new 
committee [see "Committee Contact Details" below]. 
I'd like to thank the old committee for their hard 
work over the last year. ♦ 

Meeting Reports 

May Meeting 

Security Goof-Ups 

Given By: Don Griffiths 
Meeting Reporter: Daniel Baldoni 

Well, Don Griffiths has presented another 
entertaining and informative talk and once again the 
subject dealt with IT security. The title this time was 
"Security Goof-Ups" and the various anecdotes he 
used had the audience smirking, reaching for 
notepads or trying to look insignificant (depending 
on whether they knew the culprit, had the culprit 
working for them or were the culprit). Of course, 
Don didn't name names (so as to protect the guilty). 
Below are a couple of examples I've selected from 
Don's talk as being representative of some common 
security problem types. 

We've all had problems with NFS in the past. 
Wondering why one OS supports NIS netgroups in 
an export list but another doesn't—that sort of thing. 


But, the first story of the night discussed one 
enterprising SA who was using a UNIX server to 
provide home directories for PC's via PC-NFS. The 
upshot was that the single export he did was for the 
entire hierarchy to the world with write permission. 
That host was Internet connected. Luckily, it was 
Don who found it first. 

One company had a stated policy that all employee 
user-ids were to be the same as the employee-id. So, 
our efficiency-conscious SA decided it would be 
quicker to blanket create accounts for all the current 
employees. Unfortunately, his add-user script also 
set the password for each new account to the same 
string (namely the employee-id). As if this wasn't 
bad enough, he then went on to publicise this in a 
company-wide newsletter. This is an example of 
how the best intentions can lead to possibly 
catastrophic breaches in security. 

Then, of course, there's the simple typo. Consider 
the commonly used NIS passwd map entry: 

+::0:0::: 

What would happen if that leading '+' was missing? 
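
Without the '+', the line quoted above stops being an NIS marker and parses as an ordinary local account with an empty login name, an empty password field and UID 0. The following Python audit of passwd-format text is an added example, not part of Don's talk or the original report; the sample file contents and the rule names are constructed for illustration.

```python
"""Audit passwd-format text for slips like a lost '+' on an NIS entry."""

# Constructed sample: line 3 is the NIS entry with its leading '+' missing.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
daemon:*:1:1::/:
::0:0:::
toor::0:0:spare root:/root:/bin/sh
guest::500:500:Guest:/home/guest:/bin/sh
+::0:0:::
+@staff::::::
bad line without enough fields
"""

FIELDS = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")


def parse_line(line):
    """Split one passwd line into a dict, or return None if malformed."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != len(FIELDS):
        return None
    return dict(zip(FIELDS, parts))


def is_nis_marker(name):
    """NIS compat entries start with '+' (include) or '-' (exclude)."""
    return name.startswith(("+", "-"))


def check_entry(entry):
    """Return the tuple of rule names a local passwd entry violates."""
    rules = []
    if entry["name"] == "":
        rules.append("empty-login-name")
    if entry["passwd"] == "":
        rules.append("empty-password")
    try:
        uid = int(entry["uid"])
    except ValueError:
        rules.append("bad-uid")
        return tuple(rules)
    if uid == 0 and entry["name"] != "root":
        rules.append("uid0-not-root")
    if uid == 0 and entry["passwd"] == "":
        rules.append("passwordless-uid0")
    return tuple(rules)


def audit_passwd(text):
    """Return a list of (line_number, rules, raw_line) findings."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        entry = parse_line(raw)
        if entry is None:
            findings.append((lineno, ("malformed",), raw))
            continue
        if is_nis_marker(entry["name"]):
            # NIS include/exclude marker, not a local account: skip it.
            continue
        rules = check_entry(entry)
        if rules:
            findings.append((lineno, rules, raw))
    return findings


def lines_with(findings, rule):
    """Line numbers of the findings that include the given rule."""
    return [lineno for lineno, rules, _ in findings if rule in rules]


if __name__ == "__main__":
    for lineno, rules, raw in audit_passwd(SAMPLE_PASSWD):
        print(f"line {lineno}: {', '.join(rules)}: {raw!r}")
```

Run against a copy of the passwd file after any edit; how a particular login program treats an empty login name varies by system, so any `passwordless-uid0` finding should be treated as urgent.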

The talk covered a number of other "types" of goof- 
ups, too many to discuss here. After Don finished 
educating us all, he threw the discussion open and 
several of us related stories of our own—be they 
computer folklore, or known to have happened 
where we worked (or worse, were committed by 
members of the audience). My own guilt precludes 
me from naming names or discussing deeds. ;-) 

Everybody likes to think they can't make the simple 
mistakes which have serious impacts on service 
provision; but even the best systems support people 
are still human (although many of our users will 
dispute this) and therefore fallible (which many of 
our users will heartily agree to). When a mistake, 
poor planning or poor implementation leads to a 
problem; investigate, correct and document the 
problem, its causes and the actions taken to correct 
it. Your colleagues and your customers will later 
thank you (and it'll make your job easier in the long 
run). 

After we'd all laughed at ourselves, WAUG held its 
'96 AGM. The various reports were accepted with 
little comment. We also held our committee 
elections, the results of which are included below 
[See Committee Contact Details]. 

Finally, the incoming committee members [and 
everyone else] would like to thank the outgoing 
members (several of whom have been voted back in 
this year) for their work over the last twelve months. 
Meeting information 

WAUG meets at the Freeway Hotel, 55 Mill Point 
Road, South Perth. We meet at 6:15pm on the third 
Wednesday of each month. 

Our meetings are advertised in the Diary column of 
the Computers section of Tuesday's West 
Australian. 

If you need further information about the next 
meeting, please contact Mark or one of the 
committee. 

SPEAKERS ARE NEEDED, especially ones who can 
actually commit to giving a talk on a certain date! So 
if you can give a talk, or know someone who can, 
please let us know. Mark (our meeting organiser) 
cannot produce them out of thin air. SAGE also 
needs speakers (See Local SAGE-AU below). 

WAUG Email Aliases, Newsgroups 
and Web Page 

WAUG has the following mail aliases on 
uniwa.uwa.edu.au: 

waug-membership 
for membership enquiries 

waug-chair 
our Chairperson 

waug-meetings 
our meeting organiser 

waug-secretary 
our Secretary 

waug-newsletter 
for newsletter contributions or enquiries 

waug 
for general correspondence (will be read by the 
Secretary, as a paper letter would be). 

So, for example, you may send general 
correspondence to waug@uniwa.uwa.edu.au. 

Check us out on the World Wide Web at: 

http://www.auug.org.au/auug/waug/waug.html 

(thanks Canberra AUUG). 

Also see the newsgroups wa.waug and 
aus.org.auug for announcements and discussion. 

Committee Contact Details 

Chair:              Don Griffith     351 7691   griffith@cs.curtin.edu.au 
Vice-chair:         Luigi Cantoni    474 3700   lui@DIALix.oz.au 
Secretary:          Tom Hallam       380 2665   thallam@geol.uwa.edu.au (AUUGN Sub-editor) 
Treasurer:          Patrick Ko       483 8111   pko@DIALix.oz.au 
Meeting Organiser:  Mark Baker       491 6081   baker@telecomwa.oz.au 
Ordinary Committee: Daniel Baldoni              flint@cs.curtin.edu.au (Meeting Reporter) 
                    David Buck                  dbuck@ncc.telecomwa.oz.au 
                    Glenn Huxtable   328 8288   glenn@fs.com.au 
                    Peter Wemm 

For Systems Administrators: 
Local SAGE-AU Meetings 

The WA Regional Group of the Systems 
Administrators Guild of Australia (SAGE-AU) 
meets on the First Tuesday of each month at 6pm, 
in room G3 at the Alexander Library. If you 
manage computer systems for a living, we'd like to 
have you along. 

SAGE-AU is NOT another UNIX group. All systems 
and network administrators are welcome. We 
would particularly like to see more PC network 
administrators attending, so if you know any, send 
them along. I'd like to see lots of Novell, NT, OS2 
and MAC people attending. 

For more information, please contact Don Griffiths 
<griffith@cs.curtin.edu.au>, (09) 351 7691 
or myself, Tom Hallam 
<thallam@geol.uwa.edu.au>, (09) 380 2665. For 
information about SAGE-AU in general, you may 
also look at 
ftp://ftp.sage-au.org.au/pub/SAGE-AU 
and http://www.sage-au.org.au:8080/. 
Canberra Chapter: 
June 96 newsletter 

June Monthly Meeting 

When: 7:30 pm for 8:00 pm, 

Tuesday, 11th June 1996 

Where: Open Solutions Centre 

15 Barry drive 

What: Annual General Meeting, 

Canberra Chapter 

We need a quorum, so AUUG members please show 
up (all others are welcome to attend but note that 
only AUUG members can vote and only AUUG 
members can be elected to committee positions). 

It looks like quite a few of the committee positions 
will be vacated at this meeting, so please put serious 
thought into standing for a position. If several 
people are keen the workload is not too bad, and we 
have put on some pretty impressive events (such as 
our summer conferences, special workshops and 
tutorials, and the Internet Project). Feel free to call 
anybody in the current committee to find out what 
the job involves. ♦ 

The INTERNET Project 

If you are an AUUG member in the Canberra 
Chapter you can get e-mail and news access to the 
Internet, and there is no cost (so long as you remain 
a financial member). This is provided by a dialup 
service which has been recently updated and has a 
direct IP connection to the Internet. Full IP access to 
the Internet can be obtained at extra cost ($90 for 300 
hours, approximately). If you are interested in this 
service, please contact John Barlow 
(mobile: 019 935477) to have a chat about it. 

We have a Linux box and a FreeBSD box available 
via the same dialup service, so if you want to 
examine these great (free, full source) UNIX 
implementations, here is a prime opportunity ! 
Existing users who wish to use these boxes need to 
e-mail linux@canb.auug.org.au or 
freebsd@canb.auug.org.au to have an account 
setup. 

Meetings organiser wanted: 

If you want a specific topic discussed at a future 
meeting, or want a specific UNIX presentation made, 
please contact John Barlow (contact details at the 
end of this message). 


Coming Events: 

June 11 

Annual General Meeting 
July 9 

General Meeting (perhaps software protection ?) 

Secretary, Canberra Chapter of AUUG Inc. 

John Barlow, 019 935477, 

cauug.secretary@auug.org.au 


is your journal! 

Without you, there is no 
AUUGN: if you've 
knowledge to share, 
share it through AUUG's 
bimonthly journal. 

You'll be reaching over 
700 individuals, and more 
than 300 organisations 
involved in the UNIX/ 
Open Systems world. 


We're looking for: 

• Papers 

• Reviews 

• Articles 

• News 

• Comment 

Talk to your local 
Chapter contact for 
ideas, and see 
elsewhere in this 
issue for submission 
guidelines. 
AUUG Institutional Members 

as at February 1996 


AAII 

ACAY Network Computing Pty. Ltd. 
Actrol Parts 
Adept Software 
Alcatel Australia 

Amalgamated Television Services 

Amdahl Australia 

Andersen Consulting 

ANI Manufacturing Group 

Ansett Australia 

ANSTO 

Anti-Cancer Council of Victoria 
ANZ McCaughan 
AT&T GIS 

Attorney-General’s Department 
Ausnet Services Pty. Ltd. 

AUSOM Inc. 

AUSTA Electric Qld Minerals & Energy 
Centre 

Australian Archives 
Australian Bureau of Statistics 
Australian Centre for Remote Sensing 
(ACRES) 

Australian Customs Service 
Australian Defence Industries Ltd. 
Australian Electoral Commission 
Australian Film Television and Radio 
School 

Australian Information 
Processing Centre Pty. Ltd. 
Australian Medical Enterprise 
Australian Museum 
Australian National Audit Office 
Australian National University 
Australian Submarine Corporation 
Australian Taxation Office 
Australian Technology Resources 
(ACT) Pty. Ltd. 

Australian Technology Resources Pty. 
Ltd. 

AWA Defence Industries 
B & D Australia 
Barwon Water 
Bay Technologies Pty Ltd 
BHP Information Technology 
BHP Information Technology 
BHP Minerals Exploration 
BHP Research - Melbourne 
Laboratories 


BHP Research - Newcastle 
Laboratories 

Burdett Buckeridge & Young Ltd. 
Bureau of Meteorology 
Bytecraft Pty. Ltd. 

Cape Grim B.A.P.S 

Capricorn Coal Management Pty. Ltd. 

CelsiusTech Australia 

Central Queensland University 

Central Sydney Area Health Service 

Centre for Open Systems Pty. Ltd. 

CITEC 

Clegg Driscoll Consultants Pty. Ltd. 
Coal & Allied Operations 
Cognos Pty. Ltd. 

Com Net Solutions 
Com Tech Communications 
Comcare Australia 
Commercial Dynamics 
Commercial Industrial 
Computer Services Pty. Ltd. 
Communica Software Consultants 
Composite Buyers Ltd. 
Computechnics Pty. Ltd. 

Computer Associates 
Compuware Asia-Pacific 
Continuum Australia 
Copper Refineries Pty. Ltd. 

Corinthian Engineering Pty. Ltd. 

CSC Australia Pty. Ltd. 

CSIRO Division of Information 
Technology 

CSIRO Division of Manufacturing 
Technology 

Curtin University of Technology 
Cyberdyne Systems Corporation Pty. 
Ltd. 

Cyberscience Corporation Pty. Ltd. 
Cybersource Pty. Ltd. 

Daedalus Integration Pty. Ltd. 

Data General Australia Pty. Ltd. 
Datacraft Technologies 
Dawn Technologies 
DB Bain Group Services Pty. Ltd. 
Deakin University 
Defence Housing Authority 
Defence Service Homes 
Department of Communications and 
the Arts 

Department of Conservation 
& Natural Resources 
Department of Defence 
Department of Defence (TC Section) 
Department of Education QLD 
Department of Family Services & 
Aboriginal & Islander Affairs 
Department of Gaming & Racing 
Department of Lands Housing & Local 
Government 

Department of the Treasury 
Department of Urban Services 


Dept. of Industrial Relations 
Employment Training & Further 
Education 
DEVETIR 

Dialix Internet Services 
Digital Equipment Corp. (Australia) 
Pty. Ltd. 

Dominion Systems Pty. Ltd. 

DSTO Lab 73 

EASAMS (Australia) Limited 
Edith Cowan University 
Electricity Trust of South Australia 
Electro Optics Pty. Ltd. 

Engineering Computer Services Pty. 
Ltd. 

Environmental Resources 
Information Network (ERIN) 
Department of Environment Sport and 
Territories 

Equity Systems Pty. Limited 
Ericsson Australia 
ESRI Australia Pty. Ltd. 

Execom Consulting 
Executive Computing Group 
FFE/James Hardie Bldg. Serv. 

FGH Decision Support Systems Pty. 
Ltd. 

Financial Network Services 
First State Computing 
Flinders University 
Fremantle Port Authority 
G.James Australia Pty. Ltd. 

GEC Alsthom Information Technology 
Genasys II Pty. Ltd. 

Great Barrier Reef Marine Park 
Authority 
Haltek Pty. Ltd. 

Hamersley Iron Pty. Ltd. 

Hannan Group Computer Services 
Heath Insurance 

Hermes Precisa Australia Pty. Ltd. 
Hitachi Data Systems 
Honeywell Australia Ltd. 

Honeywell Ltd. 

Hong Kong Jockey Club Systems 
(Australia) Pty. Ltd. 

I.P.S Radio & Space Services 
IBM Australia Ltd. 

Ideas International Pty. Ltd. 
Independent Systems Integrators 
Informatel Online 

Information Technology Consultants 
Insurance & Superannuation 
Commission 

Integration Design Pty. Ltd. 

Intelligent Network Development 
James Cook University 
Joint House Department 
JTEC Pty. Ltd. 

Keays Software 

Knowledge Engineering Pty. Ltd. 
Laboratory Systems Pty. Ltd. 
Labtam Australia Pty. Ltd. 

Land Information Centre 
Land Titles Office 
Leeds & Northrup Australia Pty. 
Limited 

Logica Pty. Ltd. 

Lotus Development 
Lyons Computer Pty. Ltd. 

Macquarie University 
Main Roads Western Australia 
Mayne Nickless Courier Systems 
Mayne Nickless Information Tech. 
Services 

Medical Benefits Funds of Australia 
Ltd. 

Memtec Limited 
Mentor Technologies Pty. Ltd. 
Mercedes-Benz (Australia) Pty. Ltd. 
Message Handling Systems 
Metal Trades Industry Association 
Mincom Pty. Ltd. 

Minenco Pty. Ltd. 

Mitsubishi Motors Australia Ltd. 

Mitsui Computer Limited 
Moldflow Pty. Ltd. 

Motorola Communications Australia 
Motorola Computer Systems 
Multibase Pty. Ltd. 

Multiline BBS 

National Library of Australia 
National Resource Information Centre 
NCOM Services 
NEC Australia Pty. Ltd. 

Northern Territory Library Service 
Novell Pty. Ltd. 

NSW Agriculture 

NSW Teachers Federation Health 
Society 

Object Design Pty. Ltd. 

Object Technology International Pty. 
Ltd. 

Office of the Director of Public 
Prosecutions 

Open Software Associates Ltd. 

OPSM 

OSIX Pty. Ltd. 

Pacific Star Communications 
Peter Harding & Associates Pty. Ltd. 


Petrosys Pty. Ltd. 

Philips PTS 

Port of Melbourne Authority 
Powerhouse Museum 
Primary Industries & Energy 
Process Software Solutions Pty. Ltd. 
Prospect Electricity 
Pyramid Data Centre Systems 
Qantek 

QLD Department of Transport 
Quality By Design Pty. Ltd. 

Redland Shire Council 
Renison Goldfields Consolidated Ltd. 
Rinbina Pty. Ltd. 

Royal Melbourne Institute of 
Technology 

SCEGGS Redlands Ltd 
Sculptor 4GL+SQL 
Security Mailing Services 
SEQEB Business Systems 
Siemens Nixdorf Information Systems 
Pty. Ltd. 

Smallworld Systems (Aust.) Pty. Ltd. 
Snowy Mountains Authority 
Software Plus (Australia) Pty. Ltd. 
South Australian Co-operative Bulk 
Handling 
Specialix Pty. Ltd. 

St. Gregory's Armenian School 
St. John of God Hospital 
St. Vincent's Private Hospital 
Stallion Technologies Pty. Ltd. 
Standards Australia 
Stanilite 

State Library of Victoria 
State Revenue Office 
Steelmark Eagle & Globe 
Sterling Software 
Storage Technology of Australia 
Sydney Electricity 
Sydney Ports Corporation 
Systek Corporation Pty. Ltd. 

Systems Development Telecom 
Australia 
TAB Queensland 
TAFE NSW Information Systems 
Division 

Tandem Computers 


Tattersall Sweep Consultation 
Technical Software Services 
TechNIX Consulting Group 
International 
Telecom Australia 
Telecom Payphone Services 
Telstra Applied Technologies 
Telstra Research Laboratories 
The Far North QLD Electricity Board 
The Fulcrum Consulting Group 
The Roads & Traffic Authority 
The Southport School 
The University of Western Australia 
Thiess Contractors Pty. Ltd. 

Thomas Cook Ltd. 

TNT Australia Information Technology 
Toshiba International Corporation Pty. 
Ltd. 

Tower Technology Pty. Ltd. 

Tradelink Plumbing Supplies Centres 
Transport Accident Commission 
Triad Software Pty. Ltd. 

Unidata Australia 
University of Adelaide 
University of New South Wales 
University of Queensland 
University of South Australia 
University of Sydney 
University of Tasmania 
University of Technology Sydney 
Vanguard Computer Services Pty. Ltd. 
Victoria University of Technology 
VME Systems Pty. Ltd. 

Walter & Eliza Hall Institute 

Water Board 

WCS Australia Pty. Ltd. 

Wesfarmers Limited 
Western Mining Corporation 
Westrail 

Woodside Offshore Petroleum 
Workers’ Compensation Board of QLD 
Workstations Plus 
XEDOC Software Development Pty. 
Ltd. 

Zircon Systems Pty. Ltd. 
You can help us! If you have changed your mailing address, 
phone, title, or any other contact information, please keep us 
updated. Complete the following information and either fax it to 
the AUUG Membership Secretary on (02) 332-4066 or post it to: 

AUUG Membership Secretary 
P.O. Box 366 
Kensington, NSW 2033 
Australia 


(Please allow at least 4 weeks for the change of address to take effect.) 

□ The following changes are for my personal details, member #: 





□ The following changes are for our Institutional Member, primary contact. 


□ The following changes are for our Institutional Member, representative 1. 


□ The following changes are for our Institutional Member, representative 2. 


Please Print Your OLD Contact Information (or attach a mailing label): 

Name/Contact: 
Position/Title: 
Company: 
Address: 
Postcode: 
Tel: BH            AH 
Fax: BH            AH 
email address: 

Please Print Your NEW Contact Information: 

Name/Contact: 
Position/Title: 
Company: 
Address: 
Postcode: 
Tel: BH            AH 
Fax: BH            AH 
email address: 


AUUG Secretariat Use 

Date: _ 
Initial: _ 
Date processed: _ 
Membership #: _ 










